CVE-2023-6374 MEDIUM

CVE-2023-6374

Vendor Mitsubishi Electric Corporation
Product MELSEC WS Series WS0-GETH00200
Weakness CWE-294
Published January 30, 2024
Last update June 9, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

Key dates

02Disclosure timeline

January 30, 2024 CVE published
June 9, 2025 Record updated