CVE-2023-5247
Last modified
CVE-2023-5247 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Gx Works3 | All versions |
| Mitsubishielectric | Melsoft Iq Appportal | All versions |
| Mitsubishielectric | Melsoft Navigator | All versions |
| Mitsubishielectric | Motion Control Setting | All versions |
References
- https://jvn.jp/vu/JVNVU93383160/Mitigation, Third Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdfMitigation, Vendor Advisory
- https://jvn.jp/vu/JVNVU93383160/Mitigation, Third Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-5247?
How severe is CVE-2023-5247?
How do I fix CVE-2023-5247?
Are you affected by CVE-2023-5247?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST