CVE-2023-0457
03.03.2023, 05:15
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mitsubishielectric | fx5uc-32mr/ds-ts_firmware | * |
| mitsubishielectric | fx5uc-32mt/d_firmware | * |
| mitsubishielectric | fx5uc-32mt/dss_firmware | * |
| mitsubishielectric | fx5uc-32mt/dss-ts_firmware | * |
| mitsubishielectric | fx5uc-32mt/ds-ts_firmware | * |
| mitsubishielectric | fx5uc-64mt/d_firmware | * |
| mitsubishielectric | fx5uc-64mt/dss_firmware | * |
| mitsubishielectric | fx5uc-96mt/d_firmware | * |
| mitsubishielectric | fx5uc-96mt/dss_firmware | * |
| mitsubishielectric | fx5uj-24mr/es_firmware | * |
| mitsubishielectric | fx5uj-24mr/es-a_firmware | * |
| mitsubishielectric | fx5uj-24mt/es_firmware | * |
| mitsubishielectric | fx5uj-24mt/es-a_firmware | * |
| mitsubishielectric | fx5uj-24mt/ess_firmware | * |
| mitsubishielectric | fx5uj-40mr/es_firmware | * |
| mitsubishielectric | fx5uj-40mr/es-a_firmware | * |
| mitsubishielectric | fx5uj-40mt/es_firmware | * |
| mitsubishielectric | fx5uj-40mt/es-a_firmware | * |
| mitsubishielectric | fx5uj-40mt/ess_firmware | * |
| mitsubishielectric | fx5uj-60mr/es_firmware | * |
| mitsubishielectric | fx5uj-60mr/es-a_firmware | * |
| mitsubishielectric | fx5uj-60mt/es_firmware | * |
| mitsubishielectric | fx5uj-60mt/es-a_firmware | * |
| mitsubishielectric | fx5uj-60mt/ess_firmware | * |
| mitsubishielectric | fx5s-30mr/es_firmware | * |
| mitsubishielectric | fx5s-30mt/es_firmware | * |
| mitsubishielectric | fx5s-30mt/ess_firmware | * |
| mitsubishielectric | fx5s-40mr/es_firmware | * |
| mitsubishielectric | fx5s-40mt/es_firmware | * |
| mitsubishielectric | fx5s-40mt/ess_firmware | * |
| mitsubishielectric | fx5s-60mr/es_firmware | * |
| mitsubishielectric | fx5s-60mt/es_firmware | * |
| mitsubishielectric | fx5s-60mt/ess_firmware | * |
| mitsubishielectric | fx5s-80mr/es_firmware | * |
| mitsubishielectric | fx5s-80mt/es_firmware | * |
| mitsubishielectric | fx5s-80mt/ess_firmware | * |
| mitsubishielectric | fx5-enet_firmware | - |
| mitsubishielectric | fx5-enet/ip_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-256 - Plaintext Storage of a PasswordStoring a password in plaintext may result in a system compromise.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
References