Details of VAR-202311-2161

ID

VAR-202311-2161

CVE

CVE-2023-5274

TITLE

Mitsubishi Electric's GX Works2 Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-026369

DESCRIPTION

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric's GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller of Mitsubishi Electric Corporation of Japan

Trust: 2.25

sources: NVD: CVE-2023-5274 // JVNDB: JVNDB-2023-026369 // CNVD: CNVD-2024-00209 // VULMON: CVE-2023-5274

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-00209

AFFECTED PRODUCTS

vendor:	mitsubishielectric	model:	gx works2	scope:	eq	version:	*	Trust: 1.0
vendor:	三菱電機	model:	gx works2	scope:	eq	version:	-	Trust: 0.8
vendor:	三菱電機	model:	gx works2	scope:	-	version:	-	Trust: 0.8
vendor:	mitsubishi	model:	electric mitsubishi electric gx works2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-00209 // JVNDB: JVNDB-2023-026369 // NVD: CVE-2023-5274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5274
value:	MEDIUM
Trust: 1.0
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp:	CVE-2023-5274
value:	LOW
Trust: 1.0
NVD:	CVE-2023-5274
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-00209
value:	LOW
Trust: 0.6

CNVD:	CNVD-2024-00209
severity:	LOW
baseScore:	1.0
vectorString:	AV:L/AC:H/AU:S/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	1.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-5274
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	3.6
version:	3.1
Trust: 1.0
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp:	CVE-2023-5274
baseSeverity:	LOW
baseScore:	2.5
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.0
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2023-5274
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-00209 // JVNDB: JVNDB-2023-026369 // NVD: CVE-2023-5274 // NVD: CVE-2023-5274

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-026369 // NVD: CVE-2023-5274

PATCH

title:

Patch for Mitsubishi Electric GX Works2 Input Validation Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/513041

Trust: 0.6

sources: CNVD: CNVD-2024-00209

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5274	Trust: 3.3
db:	ICS CERT	id:	ICSA-23-331-03	Trust: 1.9
db:	JVN	id:	JVNVU98760962	Trust: 1.9
db:	JVNDB	id:	JVNDB-2023-026369	Trust: 0.8
db:	CNVD	id:	CNVD-2024-00209	Trust: 0.6
db:	VULMON	id:	CVE-2023-5274	Trust: 0.1

sources: CNVD: CNVD-2024-00209 // VULMON: CVE-2023-5274 // JVNDB: JVNDB-2023-026369 // NVD: CVE-2023-5274

REFERENCES

url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf	Trust: 2.5
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03	Trust: 2.0
url:	https://jvn.jp/vu/jvnvu98760962/index.html	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5274	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-00209 // VULMON: CVE-2023-5274 // JVNDB: JVNDB-2023-026369 // NVD: CVE-2023-5274

SOURCES

db:	CNVD	id:	CNVD-2024-00209
db:	VULMON	id:	CVE-2023-5274
db:	JVNDB	id:	JVNDB-2023-026369
db:	NVD	id:	CVE-2023-5274

LAST UPDATE DATE

2025-03-14T22:44:38.741000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-00209	date:	2024-01-03T00:00:00
db:	VULMON	id:	CVE-2023-5274	date:	2023-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-026369	date:	2024-07-17T01:59:00
db:	NVD	id:	CVE-2023-5274	date:	2023-12-05T18:20:39.937

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-00209	date:	2024-01-03T00:00:00
db:	VULMON	id:	CVE-2023-5274	date:	2023-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-026369	date:	2024-07-17T00:00:00
db:	NVD	id:	CVE-2023-5274	date:	2023-11-30T05:15:09.983