CVE-2023-4088

CRITICAL

Mitsubishielectric GX Works3 - Incorrect Default Permissions

Title source: rule

Description

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

References (3)

[Third Party Advisory] https://jvn.jp/vu/JVNVU96447193/index.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03

[Vendor Advisory] https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf

Scores

CVSS v3 9.3

EPSS 0.0003

EPSS Percentile 6.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-276

Status published

Affected Products (1)

mitsubishielectric/gx_works3

Timeline

Published Sep 20, 2023

Tracked Since Feb 18, 2026