Описание
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.
Ссылки
- Third Party Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
7.5 High
CVSS3
8.6 High
CVSS3
Дефекты
Связанные уязвимости
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.
Уязвимость модуля связи для контроллера безопасности Mitsubishi Electric WS0-GETH00200, связанная с отсутствием аутентификации, позволяющая нарушителю повысить свои привилегии и получит доступ к устройству
EPSS
7.5 High
CVSS3
8.6 High
CVSS3