CVE-2023-5274

LOW

Mitsubishielectric GX Works2 - Improper Input Validation

Title source: rule

Description

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.

References (3)

[Third Party Advisory] https://jvn.jp/vu/JVNVU98760962/index.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03

[Vendor Advisory] https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf

Scores

CVSS v3 2.5

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-20

Status published

Affected Products (1)

mitsubishielectric/gx_works2

Timeline

Published Nov 30, 2023

Tracked Since Feb 18, 2026