Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5967 vulnerabilities reference this CWE, most recent first.

CVE-2023-4677 (GCVE-0-2023-4677)

Vulnerability from cvelistv5 – Published: 2023-11-23 14:22 – Updated: 2024-12-02 19:39
VLAI
Title
Unauthenticated Admin Account Takeover Via Cron Log File Backups
Summary
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Pandora FMS Pandora FMS Affected: 700 , ≤ 772 (custom)
Create a notification for this product.
Date Public
2023-11-23 14:30
Credits
Oliver Brooks <ollie.brooks@nccgroup.com>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:39:32.603254Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T19:39:44.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "all"
          ],
          "product": "Pandora FMS",
          "vendor": "Pandora FMS",
          "versions": [
            {
              "lessThanOrEqual": "772",
              "status": "affected",
              "version": "700",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
        }
      ],
      "datePublic": "2023-11-23T14:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS \u0026lt;= 772."
            }
          ],
          "value": "Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS \u003c= 772."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T14:22:01.559Z",
        "orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
        "shortName": "PandoraFMS"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fixed in v773 and v772.1"
            }
          ],
          "value": "Fixed in v773 and v772.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Admin Account Takeover Via Cron Log File Backups",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
    "assignerShortName": "PandoraFMS",
    "cveId": "CVE-2023-4677",
    "datePublished": "2023-11-23T14:22:01.559Z",
    "dateReserved": "2023-08-31T15:38:14.018Z",
    "dateUpdated": "2024-12-02T19:39:44.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4568 (GCVE-0-2023-4568)

Vulnerability from cvelistv5 – Published: 2023-09-13 20:28 – Updated: 2024-09-25 19:58
VLAI
Title
PaperCut NG Unauthenticated XMLRPC
Summary
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2023-31"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4568",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T19:57:57.034722Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T19:58:08.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PaperCut NG",
          "vendor": "PaperCut",
          "versions": [
            {
              "status": "unknown",
              "version": "0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch."
            }
          ],
          "value": "PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T20:28:52.656Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/research/tra-2023-31"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "PaperCut NG Unauthenticated XMLRPC",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-4568",
    "datePublished": "2023-09-13T20:28:52.656Z",
    "dateReserved": "2023-08-28T18:17:53.703Z",
    "dateUpdated": "2024-09-25T19:58:08.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4562 (GCVE-0-2023-4562)

Vulnerability from cvelistv5 – Published: 2023-10-13 01:26 – Updated: 2025-02-27 20:41
VLAI
Title
Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
Summary
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/UA1 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/UA1 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MS/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MS/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-64MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-96MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-96MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MR/D-T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MR/DS-T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT-LT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT-LT-2 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/D-P4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/DSS-P4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GC-32MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GC-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-24MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-40MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-60MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-24MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-40MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-60MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ES-2AD Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MR/ES-2AD Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ESS-2AD Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-10MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-14MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-20MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-30MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-10MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-14MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-20MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-30MR-CM Affected: all versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU90509290/"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4562",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:33.561687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:41:33.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/UA1",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/UA1",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MS/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MS/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-64MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-96MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-96MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MR/D-T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MR/DS-T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT-LT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT-LT-2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/D-P4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/DSS-P4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-24MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-40MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-60MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-24MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-40MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-60MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ES-2AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MR/ES-2AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ESS-2AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-10MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-14MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-20MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-30MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-10MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-14MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-20MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-30MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.\u003cbr\u003e\n\n\n\n\n\n"
            }
          ],
          "value": "Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.\n\n\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Disclosure, Information Tampering and Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T01:26:06.018Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU90509290/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-4562",
    "datePublished": "2023-10-13T01:26:06.018Z",
    "dateReserved": "2023-08-28T01:49:36.225Z",
    "dateUpdated": "2025-02-27T20:41:33.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4501 (GCVE-0-2023-4501)

Vulnerability from cvelistv5 – Published: 2023-09-12 18:05 – Updated: 2024-09-26 14:08
VLAI
Title
Authentication bypass in OpenText (Micro Focus) Enterprise Server
Summary
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-358 - Improperly Implemented Security Check for Standard
  • CWE-253 - Incorrect Check of Function Return Value
Assigner
References
Impacted products
Vendor Product Version
OpenText Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server Affected: 7.0.19 , < 7.0.21 (patch update)
Affected: 8.0.8 , < 8.0.10 (patch update)
Affected: 9.0.1 , < 9.0.2 (patch update)
Create a notification for this product.
opentext visual_cobal_cobal_server_enterprise_developer_enterprise_server Affected: 7.0.19 , < 7.0.21 (custom)
Affected: 8.0.8 , < 8.0.10 (custom)
Affected: 9.0.1 , < 9.0.2 (custom)
    cpe:2.3:a:opentext:visual_cobal_cobal_server_enterprise_developer_enterprise_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-01 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.microfocus.com/s/article/KM000021287"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:opentext:visual_cobal_cobal_server_enterprise_developer_enterprise_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "visual_cobal_cobal_server_enterprise_developer_enterprise_server",
            "vendor": "opentext",
            "versions": [
              {
                "lessThan": "7.0.21",
                "status": "affected",
                "version": "7.0.19",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.10",
                "status": "affected",
                "version": "8.0.8",
                "versionType": "custom"
              },
              {
                "lessThan": "9.0.2",
                "status": "affected",
                "version": "9.0.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4501",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T13:56:28.372526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T14:08:41.901Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "AIX Solaris HP-UX"
          ],
          "product": "Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "7.0.21",
              "status": "affected",
              "version": "7.0.19",
              "versionType": "patch update"
            },
            {
              "lessThan": "8.0.10",
              "status": "affected",
              "version": "8.0.8",
              "versionType": "patch update"
            },
            {
              "lessThan": "9.0.2",
              "status": "affected",
              "version": "9.0.1",
              "versionType": "patch update"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact OpenText Support for more information.\u003cbr\u003e"
            }
          ],
          "value": "Contact OpenText Support for more information.\n"
        }
      ],
      "datePublic": "2023-09-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\u003cbr\u003e\u003cbr\u003eMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\u003cbr\u003e\u003cbr\u003eAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\u003cbr\u003e"
            }
          ],
          "value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OpenText has not been informed of any exploitation of this vulnerability.\u003cbr\u003e"
            }
          ],
          "value": "OpenText has not been informed of any exploitation of this vulnerability.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253 Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T18:05:56.684Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://portal.microfocus.com/s/article/KM000021287"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Install 7.0 Patch Update 21, 8.0 Patch Update 10, or 9.0 Patch Update 2, or later, when available. Hotfix overlays are available now for common platforms and can be produced for other platforms; contact OpenText Support to request a hotfix overlay.\u003cbr\u003e"
            }
          ],
          "value": "Install 7.0 Patch Update 21, 8.0 Patch Update 10, or 9.0 Patch Update 2, or later, when available. Hotfix overlays are available now for common platforms and can be produced for other platforms; contact OpenText Support to request a hotfix overlay.\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-08T00:00:00.000Z",
          "value": "Reported by customer."
        },
        {
          "lang": "en",
          "time": "2023-08-22T00:00:00.000Z",
          "value": "Fix made available."
        },
        {
          "lang": "en",
          "time": "2023-09-01T00:00:00.000Z",
          "value": "Security bulletin published."
        }
      ],
      "title": "Authentication bypass in OpenText (Micro Focus) Enterprise Server",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact OpenText Support for workaround details.\u003cbr\u003e"
            }
          ],
          "value": "Contact OpenText Support for workaround details.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2023-4501",
    "datePublished": "2023-09-12T18:05:56.684Z",
    "dateReserved": "2023-08-23T18:01:40.973Z",
    "dateUpdated": "2024-09-26T14:08:41.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4415 (GCVE-0-2023-4415)

Vulnerability from cvelistv5 – Published: 2023-08-18 16:00 – Updated: 2024-08-02 07:24
VLAI
Title
Ruijie RG-EW1200G login improper authentication
Summary
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-287 - Improper Authentication
Assigner
References
URL Tags
https://vuldb.com/?id.237518 vdb-entrytechnical-description
https://vuldb.com/?ctiid.237518 signaturepermissions-required
https://github.com/blakespire/repoforcve/tree/mai… broken-linkexploit
Impacted products
Vendor Product Version
Ruijie RG-EW1200G Affected: 07161417 r483
Create a notification for this product.
Credits
t1nk3rl94e (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.237518"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.237518"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G-logic"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RG-EW1200G",
          "vendor": "Ruijie",
          "versions": [
            {
              "status": "affected",
              "version": "07161417 r483"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "t1nk3rl94e (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Ruijie RG-EW1200G 07161417 r483 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /api/sys/login. Mittels Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T07:39:47.354Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.237518"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.237518"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G-logic"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-08-18T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-08-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-09-13T14:37:55.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ruijie RG-EW1200G login improper authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-4415",
    "datePublished": "2023-08-18T16:00:06.712Z",
    "dateReserved": "2023-08-18T08:20:28.373Z",
    "dateUpdated": "2024-08-02T07:24:04.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4242 (GCVE-0-2023-4242)

Vulnerability from cvelistv5 – Published: 2023-08-09 03:36 – Updated: 2026-04-08 17:13
VLAI
Title
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check
Summary
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
fullservices FULL – Cliente Affected: 0 , ≤ 2.2.3 (semver)
Create a notification for this product.
Credits
Ramuel Gall
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:03.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.php"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4242",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:28:54.226997Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T19:36:52.211Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FULL \u2013 Cliente",
          "vendor": "fullservices",
          "versions": [
            {
              "lessThanOrEqual": "2.2.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ramuel Gall"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:13:39.702Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/2.3/app/api/Controller.php?rev=2951561"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-08T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "FULL - Customer \u003c= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-4242",
    "datePublished": "2023-08-09T03:36:14.224Z",
    "dateReserved": "2023-08-08T15:28:19.695Z",
    "dateUpdated": "2026-04-08T17:13:39.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3638 (GCVE-0-2023-3638)

Vulnerability from cvelistv5 – Published: 2023-07-19 14:22 – Updated: 2025-01-16 21:31
VLAI
Title
GeoVision GV-ADR2701 Improper Authentication
Summary
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
GeoVision GV-ADR2701 Affected: 1.00_2017_12_15
Create a notification for this product.
Date Public
2023-07-18 14:19
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:23:13.718169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:31:09.285Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GV-ADR2701",
          "vendor": "GeoVision ",
          "versions": [
            {
              "status": "affected",
              "version": "1.00_2017_12_15"
            }
          ]
        }
      ],
      "datePublic": "2023-07-18T14:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nIn GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
            }
          ],
          "value": "In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T14:22:13.198Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nGeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\u003cbr\u003e"
            }
          ],
          "value": "GeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GeoVision GV-ADR2701 Improper Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-3638",
    "datePublished": "2023-07-19T14:22:13.198Z",
    "dateReserved": "2023-07-12T13:56:15.455Z",
    "dateUpdated": "2025-01-16T21:31:09.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3622 (GCVE-0-2023-3622)

Vulnerability from cvelistv5 – Published: 2023-07-26 14:45 – Updated: 2024-08-02 07:01
VLAI
Title
Access Control Bypass Vulnerability in the SolarWinds Platform
Summary
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
SolarWinds SolarWinds Platform Affected: 2023.2 and previous versions
Create a notification for this product.
Date Public
2023-07-19 15:38
Credits
SolarWinds would like to thank Alex Shepard reporting this issue in a responsible manner.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:56.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-3622"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "SolarWinds Platform ",
          "vendor": "SolarWinds ",
          "versions": [
            {
              "status": "affected",
              "version": "2023.2 and previous versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SolarWinds would like to thank Alex Shepard reporting this issue in a responsible manner."
        }
      ],
      "datePublic": "2023-07-19T15:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(243, 243, 243);\"\u003e Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource \u003c/span\u003e"
            }
          ],
          "value": "\n Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-28T17:01:30.181Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
        },
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-3622"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3\n\n"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Access Control Bypass Vulnerability in the SolarWinds Platform ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2023-3622",
    "datePublished": "2023-07-26T14:45:18.257Z",
    "dateReserved": "2023-07-11T15:00:02.490Z",
    "dateUpdated": "2024-08-02T07:01:56.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3597 (GCVE-0-2023-3597)

Vulnerability from cvelistv5 – Published: 2024-04-25 12:20 – Updated: 2025-11-11 15:57
VLAI
Title
Keycloak: secondary factor bypass in step-up authentication
Summary
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:1866 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1867 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1868 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3597 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2221760 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 22.0.10 (semver)
Affected: 23.0.0 , < 24.0.3 (semver)
Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.10-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 22 Unaffected: 22-13 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 22 Unaffected: 22-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 22.0.10     cpe:/a:redhat:build_keycloak:22
Create a notification for this product.
Red Hat RHSSO 7.6.8     cpe:/a:redhat:red_hat_single_sign_on:7.6
Create a notification for this product.
Date Public
2024-04-15 00:00
Credits
Red Hat would like to thank Johannes Bergmann (Bosch) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T15:08:53.952771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:32.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:56.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1867",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1867"
          },
          {
            "name": "RHSA-2024:1868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1868"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3597"
          },
          {
            "name": "RHBZ#2221760",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.keycloak.org/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "22.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.3",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat build of Keycloak 22.0.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "product": "RHSSO 7.6.8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Johannes Bergmann (Bosch) for reporting this issue."
        }
      ],
      "datePublic": "2024-04-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:57:27.827Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1866",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1866"
        },
        {
          "name": "RHSA-2024:1867",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1867"
        },
        {
          "name": "RHSA-2024:1868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1868"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3597"
        },
        {
          "name": "RHBZ#2221760",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-10T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-15T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: secondary factor bypass in step-up authentication",
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3597",
    "datePublished": "2024-04-25T12:20:11.606Z",
    "dateReserved": "2023-07-10T17:01:10.485Z",
    "dateUpdated": "2025-11-11T15:57:27.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3591 (GCVE-0-2023-3591)

Vulnerability from cvelistv5 – Published: 2023-07-17 15:30 – Updated: 2024-10-21 19:39
VLAI
Title
Lack of previous password reset tokens on new token creation
Summary
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 0 , ≤ 7.8.6 (semver)
Affected: 0 , ≤ 7.9.4 (semver)
Affected: 0 , ≤ 7.10.2 (semver)
Unaffected: 7.8.7
Unaffected: 7.9.5
Unaffected: 7.10.3
Create a notification for this product.
Credits
SUBHASIS DATTA (claverrat)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:56.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mattermost.com/security-updates"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:38:35.067985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:39:25.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "7.8.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "7.8.7"
            },
            {
              "status": "unaffected",
              "version": "7.9.5"
            },
            {
              "status": "unaffected",
              "version": "7.10.3 "
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SUBHASIS DATTA (claverrat)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost fails to invalidate previously generated password reset tokens when a new reset token was created.\u003c/p\u003e"
            }
          ],
          "value": "Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-17T15:30:05.295Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost to versions\u0026nbsp;v7.8.7,\u0026nbsp;v7.9.5,\u0026nbsp;v7.10.3 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost to versions\u00a0v7.8.7,\u00a0v7.9.5,\u00a0v7.10.3 or higher.\n\n"
        }
      ],
      "source": {
        "advisory": "MMSA-2023-00178",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-52140"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Lack of previous password reset tokens on new token creation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2023-3591",
    "datePublished": "2023-07-17T15:30:05.295Z",
    "dateReserved": "2023-07-10T15:08:38.159Z",
    "dateUpdated": "2024-10-21T19:39:25.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.