Vulnerability Details CVE-2023-4088
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.1%
CVSS Severity
CVSS v3 Score 9.3
References
- https://jvn.jp/vu/JVNVU96447193/index.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf
- https://jvn.jp/vu/JVNVU96447193/index.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf
Products affected by CVE-2023-4088
-
cpe:2.3:a:mitsubishielectric:gx_works3:-
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.060n
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.063r
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.065t
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.070y