Details of VAR-202311-2162

ID

VAR-202311-2162

CVE

CVE-2023-5275

TITLE

Mitsubishi Electric's GX Works2 Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-026370

DESCRIPTION

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric's GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric of Japan

Trust: 2.25

sources: NVD: CVE-2023-5275 // JVNDB: JVNDB-2023-026370 // CNVD: CNVD-2024-00208 // VULMON: CVE-2023-5275

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-00208

AFFECTED PRODUCTS

vendor:	mitsubishielectric	model:	gx works2	scope:	eq	version:	*	Trust: 1.0
vendor:	三菱電機	model:	gx works2	scope:	eq	version:	-	Trust: 0.8
vendor:	三菱電機	model:	gx works2	scope:	-	version:	-	Trust: 0.8
vendor:	mitsubishi	model:	electric mitsubishi electric gx works2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-00208 // JVNDB: JVNDB-2023-026370 // NVD: CVE-2023-5275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5275
value:	MEDIUM
Trust: 1.0
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp:	CVE-2023-5275
value:	LOW
Trust: 1.0
NVD:	CVE-2023-5275
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-00208
value:	LOW
Trust: 0.6

CNVD:	CNVD-2024-00208
severity:	LOW
baseScore:	1.0
vectorString:	AV:L/AC:H/AU:S/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	1.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-5275
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	3.6
version:	3.1
Trust: 1.0
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp:	CVE-2023-5275
baseSeverity:	LOW
baseScore:	2.5
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.0
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2023-5275
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-00208 // JVNDB: JVNDB-2023-026370 // NVD: CVE-2023-5275 // NVD: CVE-2023-5275

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-026370 // NVD: CVE-2023-5275

PATCH

title:

Patch for Mitsubishi Electric GX Works2 Input Validation Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/513036

Trust: 0.6

sources: CNVD: CNVD-2024-00208

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5275	Trust: 3.3
db:	ICS CERT	id:	ICSA-23-331-03	Trust: 1.9
db:	JVN	id:	JVNVU98760962	Trust: 1.9
db:	JVNDB	id:	JVNDB-2023-026370	Trust: 0.8
db:	CNVD	id:	CNVD-2024-00208	Trust: 0.6
db:	VULMON	id:	CVE-2023-5275	Trust: 0.1

sources: CNVD: CNVD-2024-00208 // VULMON: CVE-2023-5275 // JVNDB: JVNDB-2023-026370 // NVD: CVE-2023-5275

REFERENCES

url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf	Trust: 2.5
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03	Trust: 2.0
url:	https://jvn.jp/vu/jvnvu98760962/index.html	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5275	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-00208 // VULMON: CVE-2023-5275 // JVNDB: JVNDB-2023-026370 // NVD: CVE-2023-5275

SOURCES

db:	CNVD	id:	CNVD-2024-00208
db:	VULMON	id:	CVE-2023-5275
db:	JVNDB	id:	JVNDB-2023-026370
db:	NVD	id:	CVE-2023-5275

LAST UPDATE DATE

2025-03-14T22:44:38.765000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-00208	date:	2025-03-13T00:00:00
db:	VULMON	id:	CVE-2023-5275	date:	2023-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-026370	date:	2024-07-17T01:59:00
db:	NVD	id:	CVE-2023-5275	date:	2023-12-05T18:18:37.050

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-00208	date:	2024-01-03T00:00:00
db:	VULMON	id:	CVE-2023-5275	date:	2023-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-026370	date:	2024-07-17T00:00:00
db:	NVD	id:	CVE-2023-5275	date:	2023-11-30T05:15:10.400