CVE-2023-4625

MEDIUM

Mitsubishi Electric MELSEC iQ-F/iQ-R Series - Auth Bypass

Description

An Improper Restriction of Excessive Authentication Attempts vulnerability in the Web server function of Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function by continuously attempting unauthorized logins. Legitimate users remain locked out for a certain period after the attacker's illegal login attempts, and the impact persists for as long as the attacker continues to attempt unauthorized login.

Scores

CVSS v3 5.3
EPSS 0.0011
EPSS Percentile 28.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE CWE-307
Status published

Affected Products (50)

mitsubishielectric/fx5u-32mt\/es_firmware
mitsubishielectric/fx5u-64mt\/es_firmware
mitsubishielectric/fx5u-80mt\/es_firmware
mitsubishielectric/fx5u-32mr\/es_firmware
mitsubishielectric/fx5u-64mr\/es_firmware
mitsubishielectric/fx5u-80mr\/es_firmware
mitsubishielectric/fx5u-32mt\/ds_firmware
mitsubishielectric/fx5u-64mt\/ds_firmware
mitsubishielectric/fx5u-80mt\/ds_firmware
mitsubishielectric/fx5u-32mr\/ds_firmware
mitsubishielectric/fx5u-64mr\/ds_firmware
mitsubishielectric/fx5u-80mr\/ds_firmware
mitsubishielectric/fx5u-32mt\/ess_firmware
mitsubishielectric/fx5u-64mt\/ess_firmware
mitsubishielectric/fx5u-80mt\/ess_firmware
... and 35 more

Timeline

Published Nov 06, 2023
Tracked Since Feb 18, 2026