Common Weakness Enumeration

CWE-294

Allowed

Authentication Bypass by Capture-replay

Abstraction: Base · Status: Incomplete

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

342 vulnerabilities reference this CWE, most recent first.

CVE-2023-29158 (GCVE-0-2023-29158)

Vulnerability from cvelistv5 – Published: 2023-06-19 20:11 – Updated: 2024-12-09 20:49
VLAI
Title
SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay
Summary
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Impacted products
Vendor Product Version
SUBNET Solutions Inc. PowerSYSTEM Center Affected: 0 , ≤ 2020 U10 (custom)
Create a notification for this product.
Date Public
2023-06-15 20:07
Credits
SUBNET Solutions reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T20:48:57.979110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T20:49:14.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerSYSTEM Center",
          "vendor": "SUBNET Solutions Inc.",
          "versions": [
            {
              "lessThanOrEqual": "2020 U10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SUBNET Solutions reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2023-06-15T20:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.\u003c/span\u003e\n\n\u003c/p\u003e\u003cbr\u003e\n\n"
            }
          ],
          "value": "\n\n\nSUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.\n\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T20:11:05.873Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eSUBNET Solutions has fixed these issues by enabling a file integrity check on uploaded images and anti-forgery tokens to prevent replay attacks. The fix was introduced in PowerSYSTEM Center update 12 as well as Update 8+Hotfix (both identified by release number 5.12.2305.10101, which can be located in Settings / Overview / Version).\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nSUBNET Solutions has fixed these issues by enabling a file integrity check on uploaded images and anti-forgery tokens to prevent replay attacks. The fix was introduced in PowerSYSTEM Center update 12 as well as Update 8+Hotfix (both identified by release number 5.12.2305.10101, which can be located in Settings / Overview / Version).\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eSUBNET Solutions recommends users to follow the following workarounds:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers should verify that SVG files do not contain HTML elements or scripts and validate that JPG and PNG files are not SVG files.\u003c/li\u003e\u003cli\u003eUsers should verify network security rules to ensure that outbound connections to the internet are not possible.\u003c/li\u003e\u003cli\u003eIf the above cannot be performed or notifications are not required, disable email notifications for reports from PowerSYSTEM Center.\u003c/li\u003e\u003cli\u003eMonitor user activity and ensure application control rules only allow preauthorized executables to run.\u003c/li\u003e\u003cli\u003eDeny users to run other executables on client access servers (PowerSYSTEM Center front end access point).\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nSUBNET Solutions recommends users to follow the following workarounds:\n\n  *  Users should verify that SVG files do not contain HTML elements or scripts and validate that JPG and PNG files are not SVG files.\n  *  Users should verify network security rules to ensure that outbound connections to the internet are not possible.\n  *  If the above cannot be performed or notifications are not required, disable email notifications for reports from PowerSYSTEM Center.\n  *  Monitor user activity and ensure application control rules only allow preauthorized executables to run.\n  *  Deny users to run other executables on client access servers (PowerSYSTEM Center front end access point).\n\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-29158",
    "datePublished": "2023-06-19T20:11:05.873Z",
    "dateReserved": "2023-05-25T16:04:56.578Z",
    "dateUpdated": "2024-12-09T20:49:14.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20123 (GCVE-0-2023-20123)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2024-10-28 16:30
VLAI
Title
Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability
Summary
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Cisco Cisco Duo Affected: n/a
Create a notification for this product.
Date Public
2023-04-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-replay-knuNKd"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T16:19:09.134560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T16:30:26.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Duo",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-replay-knuNKd"
        }
      ],
      "source": {
        "advisory": "cisco-sa-duo-replay-knuNKd",
        "defect": [
          [
            "CSCwe66449",
            "CSCwe66538"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20123",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2022-10-27T00:00:00.000Z",
    "dateUpdated": "2024-10-28T16:30:26.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6374 (GCVE-0-2023-6374)

Vulnerability from cvelistv5 – Published: 2024-01-30 09:00 – Updated: 2025-06-09 18:35
VLAI
Summary
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99497477"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T05:00:26.339109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T18:35:44.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC WS Series WS0-GETH00200",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All serial numbers"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules."
            }
          ],
          "value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T08:19:20.707Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU99497477"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-6374",
    "datePublished": "2024-01-30T09:00:14.800Z",
    "dateReserved": "2023-11-29T00:52:59.717Z",
    "dateUpdated": "2025-06-09T18:35:44.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2846 (GCVE-0-2023-2846)

Vulnerability from cvelistv5 – Published: 2023-06-30 04:05 – Updated: 2025-03-05 18:55
VLAI
Title
Authentication Bypass Vulnerability in MELSEC-F Series main module
Summary
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/UA1 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/UA1 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MS/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MS/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-16MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-32MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-48MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-64MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-80MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3U-128MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-64MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-96MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-96MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MR/D-T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MR/DS-T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT-LT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-32MT-LT-2 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/D-P4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3UC-16MT/DSS-P4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-14MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-24MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-40MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3G-60MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GC-32MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GC-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-24MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GE-40MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-24MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-24MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-40MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-40MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-60MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3GA-60MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-10MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-14MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-20MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MR/ES-2AD Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ES-2AD Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3S-30MT/ESS-2AD Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-10MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-10MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-14MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-14MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-20MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-20MT-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-30MR-CM Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-F Series FX3SA-30MT-CM Affected: all versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU94519952"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:38:59.665930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:55:00.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/UA1",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/UA1",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MS/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MS/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-16MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-32MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-48MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-64MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-80MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3U-128MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-64MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-96MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-96MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MR/D-T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MR/DS-T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT-LT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-32MT-LT-2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/D-P4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3UC-16MT/DSS-P4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-14MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-24MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-40MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3G-60MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-24MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GE-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-24MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-24MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-40MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-40MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-60MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3GA-60MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-10MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-14MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-20MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MR/ES-2AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ES-2AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3S-30MT/ESS-2AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-10MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-10MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-14MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-14MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-20MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-20MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-30MR-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-F Series FX3SA-30MT-CM",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets."
            }
          ],
          "value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T04:05:26.423Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf"
        },
        {
          "url": "https://jvn.jp/vu/JVNVU94519952"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass Vulnerability in MELSEC-F Series main module",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-2846",
    "datePublished": "2023-06-30T04:05:26.423Z",
    "dateReserved": "2023-05-23T07:15:33.185Z",
    "dateUpdated": "2025-03-05T18:55:00.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1886 (GCVE-0-2023-1886)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2025-02-10 19:47
VLAI
Title
Authentication Bypass by Capture-replay in thorsten/phpmyfaq
Summary
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Impacted products
Vendor Product Version
thorsten thorsten/phpmyfaq Affected: unspecified , < 3.1.12 (custom)
Create a notification for this product.
Credits
Ahmed Hassan (ahmedvienna) Josef Hassan (josefjku)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T19:47:06.330454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T19:47:10.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "thorsten/phpmyfaq",
          "vendor": "thorsten",
          "versions": [
            {
              "lessThan": "3.1.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ahmed Hassan (ahmedvienna)"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Josef Hassan (josefjku)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAuthentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T10:11:46.085Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a"
        },
        {
          "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a"
        }
      ],
      "source": {
        "advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1886",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2023-04-05T00:00:00.000Z",
    "dateUpdated": "2025-02-10T19:47:10.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1537 (GCVE-0-2023-1537)

Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-27 16:51
VLAI
Title
Authentication Bypass by Capture-replay in answerdev/answer
Summary
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Impacted products
Vendor Product Version
answerdev answerdev/answer Affected: unspecified , < 1.0.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1537",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T16:51:00.622050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T16:51:11.306Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "answerdev/answer",
          "vendor": "answerdev",
          "versions": [
            {
              "lessThan": "1.0.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-21T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
        },
        {
          "url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
        }
      ],
      "source": {
        "advisory": "171cde18-a447-446c-a9ab-297953ad9b86",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass by Capture-replay in answerdev/answer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1537",
    "datePublished": "2023-03-21T00:00:00.000Z",
    "dateReserved": "2023-03-21T00:00:00.000Z",
    "dateUpdated": "2025-02-27T16:51:11.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0014 (GCVE-0-2023-0014)

Vulnerability from cvelistv5 – Published: 2023-01-10 03:02 – Updated: 2025-04-09 13:59
VLAI
Title
Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
Summary
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
sap
Impacted products
Vendor Product Version
SAP NetWeaver ABAP Server and ABAP Platform Affected: SAP_BASIS 701
Affected: SAP_BASIS 702
Affected: SAP_BASIS 710
Affected: SAP_BASIS 711
Affected: SAP_BASIS 730
Affected: SAP_BASIS 731
Affected: SAP_BASIS 740
Affected: SAP_BASIS 750
Affected: SAP_BASIS 751
Affected: SAP_BASIS 752
Affected: SAP_BASIS 753
Affected: SAP_BASIS 754
Affected: SAP_BASIS 755
Affected: SAP_BASIS 756
Affected: SAP_BASIS 757
Affected: KERNEL 7.22
Affected: KERNEL 7.53
Affected: KERNEL 7.77
Affected: KERNEL 7.81
Affected: KERNEL 7.85
Affected: KERNEL 7.89
Affected: KRNL64UC 7.22
Affected: KRNL64UC 7.22EXT
Affected: KRNL64UC 7.53
Affected: KRNL64NUC 7.22
Affected: KRNL64NUC 7.22EXT
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3089413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T13:58:48.577709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T13:59:20.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetWeaver ABAP Server and ABAP Platform",
          "vendor": "SAP",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_BASIS 701"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 702"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 710"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 711"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 730"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 731"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 740"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 750"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 751"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 752"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 753"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 754"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 755"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 756"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 757"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.22"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.53"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.77"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.81"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.85"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.89"
            },
            {
              "status": "affected",
              "version": "KRNL64UC 7.22"
            },
            {
              "status": "affected",
              "version": "KRNL64UC 7.22EXT"
            },
            {
              "status": "affected",
              "version": "KRNL64UC 7.53"
            },
            {
              "status": "affected",
              "version": "KRNL64NUC 7.22"
            },
            {
              "status": "affected",
              "version": "KRNL64NUC 7.22EXT"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eSAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e"
            }
          ],
          "value": "SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T03:02:39.962Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://launchpad.support.sap.com/#/notes/3089413"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-0014",
    "datePublished": "2023-01-10T03:02:39.962Z",
    "dateReserved": "2022-12-16T03:13:43.141Z",
    "dateUpdated": "2025-04-09T13:59:20.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48507 (GCVE-0-2022-48507)

Vulnerability from cvelistv5 – Published: 2023-07-06 12:36 – Updated: 2024-11-20 20:35
VLAI
Summary
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 2.0.0
Affected: 2.0.1
Create a notification for this product.
Huawei EMUI Affected: 12.0.0
Affected: 12.0.1
Affected: 11.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:54.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48507",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T20:35:37.360087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T20:35:47.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EMUI",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "12.0.0"
            },
            {
              "status": "affected",
              "version": "12.0.1"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality."
            }
          ],
          "value": "Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-06T12:36:59.628Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"
        },
        {
          "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2022-48507",
    "datePublished": "2023-07-06T12:36:59.628Z",
    "dateReserved": "2023-06-29T11:23:50.332Z",
    "dateUpdated": "2024-11-20T20:35:47.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45789 (GCVE-0-2022-45789)

Vulnerability from cvelistv5 – Published: 2023-01-31 00:00 – Updated: 2026-05-29 14:09
VLAI
Summary
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-Replay
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:17:04.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-45789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:52:21.864489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T14:09:29.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Control Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Process Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\u003c/p\u003e"
            }
          ],
          "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294: Authentication Bypass by Capture-Replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T13:48:11.112Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2022-45789",
    "datePublished": "2023-01-31T00:00:00.000Z",
    "dateReserved": "2022-11-22T00:00:00.000Z",
    "dateUpdated": "2026-05-29T14:09:29.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-44457 (GCVE-0-2022-44457)

Vulnerability from cvelistv5 – Published: 2022-11-08 00:00 – Updated: 2025-05-01 18:07
VLAI
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:54:03.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-44457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-01T18:07:08.237002Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-01T18:07:21.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mendix SAML (Mendix 7 compatible)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.17.0"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 7 compatible)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V1.17.0 \u003c V1.17.2"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 8 compatible)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3.0"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 8 compatible)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3.0 \u003c V2.3.2"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 9 compatible, New Track)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.1"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 9 compatible, New Track)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V3.3.1 \u003c V3.3.5"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.0"
            }
          ]
        },
        {
          "product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V3.3.0 \u003c V3.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions \u003e= V1.17.0 \u003c V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.1 \u003c V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294: Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-44457",
    "datePublished": "2022-11-08T00:00:00.000Z",
    "dateReserved": "2022-10-31T00:00:00.000Z",
    "dateUpdated": "2025-05-01T18:07:21.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Utilize some sequence or time stamping functionality along with a checksum which takes this into account in order to ensure that messages can be parsed only once.

Mitigation
Architecture and Design

Since any attacker who can listen to traffic can see sequence numbers, it is necessary to sign messages with some kind of cryptography to ensure that sequence numbers are not simply doctored along with content.

CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.

CAPEC-509: Kerberoasting

Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.

CAPEC-555: Remote Services with Stolen Credentials

This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.

CAPEC-561: Windows Admin Shares with Stolen Credentials

An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.

CAPEC-60: Reusing Session IDs (aka Session Replay)

This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.

CAPEC-644: Use of Captured Hashes (Pass The Hash)

An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.

CAPEC-645: Use of Captured Tickets (Pass The Ticket)

An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.

CAPEC-652: Use of Known Kerberos Credentials

An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.

CAPEC-701: Browser in the Middle (BiTM)

An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.