CVE-2023-5275 Vulnerability Details

  /     /     /  

CVE-2023-5275 Metadata Quick Info

CVE Published: 21/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Mitsubishi | Vendor: Mitsubishi Electric Corporation | Product: GX Works2
Status : PUBLISHED

---

CVE-2023-5275 Description

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.

Metrics

CVSS Version: 3.1 | Base Score: 2.5 LOW
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: Mitsubishi Electric Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: Denial of service


Source: NVD (National Vulnerability Database).