CVE-2023-4088

Published: Sep 20, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

Affected (1)

Products: Mitsubishielectric: Gx Works3

Mitsubishielectric

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mitsubishielectric Gx Works3	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://jvn.jp/vu/JVNVU96447193/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vendor Advisory

https://jvn.jp/vu/JVNVU96447193/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.