CVE-2023-5274
LOWGX Works2 - Denial of Service via Simulation Function Packet Handling
Title source: llmDescription
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf
Third Party Advisory government-resource
https://jvn.jp/vu/JVNVU98760962/index.html
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03
Scores
CVSS v3
2.5
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
mitsubishielectric/gx_works2
Published
Nov 30, 2023
Tracked Since
Feb 18, 2026