Vulnerability in Mitsubishi Electric Corporation Ezsocket
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Versi…
EPSS: 0.040 (88.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Mitsubishi Electric Corporation Ezsocket — versions 3.0 to 5.92
- Mitsubishi Electric Corporation Gt Designer3 Version1(got1000) — versions 1.325P and prior
- Mitsubishi Electric Corporation Gt Designer3 Version1(got2000) — versions 1.320J and prior
- Mitsubishi Electric Corporation Gx Works2 — versions 1.11M to 1.626C
- Mitsubishi Electric Corporation Gx Works3 — versions 1.106L and prior
- Mitsubishi Electric Corporation Melsoft Navigator — versions 1.04E to 2.102G
- Mitsubishi Electric Corporation Mt Works2 — versions 1.190Y and prior
- Mitsubishi Electric Corporation Mx Component — versions 4.00A to 5.007H
- Mitsubishi Electric Corporation Mx Opc Server Da/ua — versions all versions
Weakness classification (CWE)
Public proof-of-concept exploits
References
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf (vendor-advisory)
- jvn.jp/vu/JVNVU95103362 (government-resource)
- www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 (government-resource)
Frequently asked questions
- What is CVE-2023-6943?
- CVE-2023-6943 is a critical-severity vulnerability in Mitsubishi Electric Corporation Ezsocket, classified under Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection). CVSS score: 9.8/10. Published 2024-01-30.
- How severe is CVE-2023-6943?
- Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2023-6943 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.