How severe is CVE-2023-2062?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Mitsubishi Electric Corporation Ethernet/ip Configuration Tool For Fx5-enet/ip Sw1dnn-eipctfx5-bd

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series Eth…

EPSS: 0.001 (22.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Mitsubishi Electric Corporation Ethernet/ip Configuration Tool For Fx5-enet/ip Sw1dnn-eipctfx5-bd — versions Software version "1.01B" and prior
Mitsubishi Electric Corporation Ethernet/ip Configuration Tool For Rj71eip91 Sw1dnn-eipct-bd — versions Software version "1.01B" and prior

Weakness classification (CWE)

CWE-549

References

www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf (vendor-advisory)
jvn.jp/vu/JVNVU92908006 (government-resource)
www.cisa.gov/news-events/ics-advisories/icsa-23-157-02 (government-resource)

Frequently asked questions

What is CVE-2023-2062?: CVE-2023-2062 is a medium-severity vulnerability in Mitsubishi Electric Corporation Ethernet/ip Configuration Tool For Fx5-enet/ip Sw1dnn-eipctfx5-bd, classified under CWE-549. CVSS score: 6.2/10. Published 2023-06-02.
How severe is CVE-2023-2062?: Medium severity. CVSS v3 base score is 6.2 out of 10.