CVE-2023-4625
MEDIUM
Mitsubishi Electric MELSEC iQ-F/iQ-R Series - Auth Bypass
Title source: llm
Description
An Improper Restriction of Excessive Authentication Attempts vulnerability in the Web server function of Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally, by continuously attempting unauthorized logins to the Web server function. The impact of this vulnerability persists for as long as the attacker continues to attempt unauthorized logins.
References (3)
Core References
Vendor Advisory vendor-advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf
Third Party Advisory government-resource
https://jvn.jp/vu/JVNVU94620134
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02
Scores
CVSS v3
5.3
EPSS
0.0011
EPSS Percentile
28.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-307
Status
published
Products (50)
mitsubishielectric/fx5s-30mr\/es_firmware
mitsubishielectric/fx5s-30mt\/es_firmware
mitsubishielectric/fx5s-30mt\/ess_firmware
mitsubishielectric/fx5s-40mr\/es_firmware
mitsubishielectric/fx5s-40mt\/es_firmware
mitsubishielectric/fx5s-40mt\/ess_firmware
mitsubishielectric/fx5s-60mr\/es_firmware
mitsubishielectric/fx5s-60mt\/es_firmware
mitsubishielectric/fx5s-60mt\/ess_firmware
mitsubishielectric/fx5s-80mr\/es_firmware
... and 40 more
Published
Nov 06, 2023
Tracked Since
Feb 18, 2026