CVE-2023-0457 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-0457

CWE

https://cwe.mitre.org/data/definitions/256.html

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.

Weakness

Storing a password in plaintext may result in a system compromise.

Affected Software

Name	Vendor	Start Version	End Version
Fx5uc-32mr/ds-ts_firmware	Mitsubishielectric	*	*

Potential Mitigations

References

https://jvn.jp/vu/JVNVU93891523/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf
https://jvn.jp/vu/JVNVU93891523/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf