Severity
Medium
Analysis Summary
CVE-2023-6815
Mitsubishi Electric MELSEC iQ-R CPU modules could allow a remote authenticated attacker to obtain sensitive information, caused by incorrect privilege assignment. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain credentials from lower-level users.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-6815
Affected Vendors
Mitsubishi Electric
Affected Products
- Mitsubishi Electric MELSEC iQ-R Series Safety CPU R08SFCPU
- Mitsubishi Electric MELSEC iQ-R Series Safety CPU R16SFCPU
Remediation
Refer to Mitsubishi Electric Security Advisory for patch, upgrade or suggested workaround information.