CVE-2023-2846

HIGH

Mitsubishi Electric Corporation MELSEC iQ-F Series - Auth Bypass

Title source: llm

Description

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.

References (3)

[Mitigation, Third Party Advisory] https://jvn.jp/vu/JVNVU94519952

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04

[Mitigation, Vendor Advisory] https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf

Scores

CVSS v3 7.5

EPSS 0.0011

EPSS Percentile 29.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-294

Status published

Products (50)

mitsubishielectric/fx3g-14mr\/ds_firmware

mitsubishielectric/fx3g-14mr\/es-a_firmware

mitsubishielectric/fx3g-14mr\/es_firmware

mitsubishielectric/fx3g-14mt\/ds_firmware

mitsubishielectric/fx3g-14mt\/dss_firmware

mitsubishielectric/fx3g-14mt\/es-a_firmware

mitsubishielectric/fx3g-14mt\/es_firmware

mitsubishielectric/fx3g-14mt\/ess_firmware

mitsubishielectric/fx3g-24mr\/ds_firmware

mitsubishielectric/fx3g-24mr\/es-a_firmware

... and 40 more

Published Jun 30, 2023

Tracked Since Feb 18, 2026