CVE-2023-0457 Information

Description

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions FX5UJ CPU modules all models all versions FX5S CPU modules all models all versions FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.

Reference

https://jvn.jp/vu/JVNVU93891523/index.html https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf