CVE-2023-4088 - Vulnerability Details - OpenCVE

Description

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

Published: 2023-09-20

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mitsubishi Electric Corporation

GX Works3

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

AL-PCS/WIN-E

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

CPU Module Logging Configuration Tool

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

EZSocket

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

FR Configurator2

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

FX Configurator-EN

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

FX Configurator-EN-L

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

FX Configurator-FP

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

GT Designer3 Version1(GOT1000)

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

GT Designer3 Version1(GOT2000)

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

GT SoftGOT1000 Version3

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

GT SoftGOT2000 Version1

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

GX LogViewer

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

GX Works2

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MELSOFT FieldDeviceConfigurator

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MELSOFT iQ AppPortal

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MELSOFT MaiLab

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MELSOFT Navigator

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MELSOFT Update Manager

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MX Component

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

MX Sheet

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

PX Developer

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

RT ToolBox3

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

RT VisualBox

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

Data Transfer

unaffected

Version	Status	Constraints
`all versions`	affected	—

Mitsubishi Electric Corporation

Data Transfer Classic

unaffected

Version	Status	Constraints
`all versions`	affected	—

Configuration 1 [-]

cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-53978	Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://jvn.jp/vu/JVNVU96447193/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf

History

Tue, 24 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Mitsubishielectric Gx Works3

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2023-09-20T02:26:43.901Z

Updated: 2024-09-24T18:27:11.655Z

Reserved: 2023-08-02T04:52:49.923Z

Link: CVE-2023-4088

Vulnrichment

Updated: 2024-08-02T07:17:12.060Z

NVD

Status : Modified

Published: 2023-09-20T03:15:13.687

Modified: 2024-11-21T08:34:21.840

Link: CVE-2023-4088

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4088", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2023-08-02T04:52:49.923Z", "datePublished": "2023-09-20T02:26:43.901Z", "dateUpdated": "2024-09-24T18:27:11.655Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GX Works3", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "AL-PCS/WIN-E", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "CPU Module Logging Configuration Tool", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EZSocket", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "FR Configurator2", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "FX Configurator-EN", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "FX Configurator-EN-L", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "FX Configurator-FP", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT1000)", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT2000)", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "GT SoftGOT1000 Version3", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "GT SoftGOT2000 Version1", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "GX LogViewer", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "GX Works2", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT FieldDeviceConfigurator", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT iQ AppPortal", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT MaiLab", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT Navigator", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT Update Manager", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MX Component", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "MX Sheet", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "PX Developer", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "RT ToolBox3", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "RT VisualBox", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Data Transfer", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Data Transfer Classic", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "all versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."}], "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Malicious Code Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-07-04T09:16:28.950Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU96447193/index.html"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03"}], "source": {"discovery": "UNKNOWN"}, "title": "Malicious Code Execution Vulnerability in FA Engineering Software Products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:12.060Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU96447193/index.html"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T18:27:00.307770Z", "id": "CVE-2023-4088", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:27:11.655Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU96447193/index.html", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:12.060Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4088", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-24T18:27:00.307770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:27:06.570Z"}}], "cna": {"title": "Malicious Code Execution Vulnerability in FA Engineering Software Products", "source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Malicious Code Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "GX Works3", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "AL-PCS/WIN-E", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "CPU Module Logging Configuration Tool", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "EZSocket", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "FR Configurator2", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "FX Configurator-EN", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "FX Configurator-EN-L", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "FX Configurator-FP", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GT Designer3 Version1(GOT1000)", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GT Designer3 Version1(GOT2000)", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GT SoftGOT1000 Version3", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GT SoftGOT2000 Version1", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GX LogViewer", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GX Works2", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSOFT FieldDeviceConfigurator", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSOFT iQ AppPortal", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSOFT MaiLab", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSOFT Navigator", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSOFT Update Manager", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MX Component", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MX Sheet", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "PX Developer", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "RT ToolBox3", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "RT VisualBox", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "Data Transfer", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "Data Transfer Classic", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU96447193/index.html", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-07-04T09:16:28.950Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4088", "state": "PUBLISHED", "dateUpdated": "2024-09-24T18:27:11.655Z", "dateReserved": "2023-08-02T04:52:49.923Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2023-09-20T02:26:43.901Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."}, {"lang": "es", "value": "Vulnerabilidad de Permisos Predeterminados Incorrectos debido a una soluci\u00f3n incompleta para abordar CVE-2020-14496 en los productos de software de ingenier\u00eda de Mitsubishi Electric Corporation FA permite que un atacante local malicioso ejecute un c\u00f3digo malicioso, lo que podr\u00eda resultar en la divulgaci\u00f3n, manipulaci\u00f3n y eliminaci\u00f3n de informaci\u00f3n, o una condici\u00f3n de denegaci\u00f3n fuera de servicio (DoS). Sin embargo, si la versi\u00f3n mitigada descrita en el aviso para CVE-2020-14496 se utiliza y se instala en la carpeta de instalaci\u00f3n predeterminada, esta vulnerabilidad no afecta a los productos."}], "id": "CVE-2023-4088", "lastModified": "2024-11-21T08:34:21.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-20T03:15:13.687", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU96447193/index.html"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/vu/JVNVU96447193/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}