CVE-2023-0457
03.03.2023, 05:15
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mitsubishielectric | fx5uc-32mr\/ds-ts_firmware | * |
| mitsubishielectric | fx5uc-32mt\/d_firmware | * |
| mitsubishielectric | fx5uc-32mt\/dss_firmware | * |
| mitsubishielectric | fx5uc-32mt\/dss-ts_firmware | * |
| mitsubishielectric | fx5uc-32mt\/ds-ts_firmware | * |
| mitsubishielectric | fx5uc-64mt\/d_firmware | * |
| mitsubishielectric | fx5uc-64mt\/dss_firmware | * |
| mitsubishielectric | fx5uc-96mt\/d_firmware | * |
| mitsubishielectric | fx5uc-96mt\/dss_firmware | * |
| mitsubishielectric | fx5uj-24mr\/es_firmware | * |
| mitsubishielectric | fx5uj-24mr\/es-a_firmware | * |
| mitsubishielectric | fx5uj-24mt\/es_firmware | * |
| mitsubishielectric | fx5uj-24mt\/es-a_firmware | * |
| mitsubishielectric | fx5uj-24mt\/ess_firmware | * |
| mitsubishielectric | fx5uj-40mr\/es_firmware | * |
| mitsubishielectric | fx5uj-40mr\/es-a_firmware | * |
| mitsubishielectric | fx5uj-40mt\/es_firmware | * |
| mitsubishielectric | fx5uj-40mt\/es-a_firmware | * |
| mitsubishielectric | fx5uj-40mt\/ess_firmware | * |
| mitsubishielectric | fx5uj-60mr\/es_firmware | * |
| mitsubishielectric | fx5uj-60mr\/es-a_firmware | * |
| mitsubishielectric | fx5uj-60mt\/es_firmware | * |
| mitsubishielectric | fx5uj-60mt\/es-a_firmware | * |
| mitsubishielectric | fx5uj-60mt\/ess_firmware | * |
| mitsubishielectric | fx5s-30mr\/es_firmware | * |
| mitsubishielectric | fx5s-30mt\/es_firmware | * |
| mitsubishielectric | fx5s-30mt\/ess_firmware | * |
| mitsubishielectric | fx5s-40mr\/es_firmware | * |
| mitsubishielectric | fx5s-40mt\/es_firmware | * |
| mitsubishielectric | fx5s-40mt\/ess_firmware | * |
| mitsubishielectric | fx5s-60mr\/es_firmware | * |
| mitsubishielectric | fx5s-60mt\/es_firmware | * |
| mitsubishielectric | fx5s-60mt\/ess_firmware | * |
| mitsubishielectric | fx5s-80mr\/es_firmware | * |
| mitsubishielectric | fx5s-80mt\/es_firmware | * |
| mitsubishielectric | fx5s-80mt\/ess_firmware | * |
| mitsubishielectric | fx5-enet_firmware | - |
| mitsubishielectric | fx5-enet\/ip_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-256 - Plaintext Storage of a PasswordStoring a password in plaintext may result in a system compromise.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
References