CVE-2023-4088 – This vulnerability allows a local attacker to e... (How to Fix)

Q: What is the severity of CVE-2023-4088?

CVE-2023-4088 has a CVSS score of 9.3 (CRITICAL). This vulnerability allows a local attacker to execute malicious code on Mitsubishi Electric FA engineering software when installed in non-default folders, due to incorrect default permissions. It affects multiple industrial control system software products, potentially leading to information disclosure, data tampering/deletion, or denial-of-service conditions.

📋 TL;DR

This vulnerability allows a local attacker to execute malicious code on Mitsubishi Electric FA engineering software when installed in non-default folders, due to incorrect default permissions. It affects multiple industrial control system software products, potentially leading to information disclosure, data tampering/deletion, or denial-of-service conditions.

💻 Affected Systems

Products:

MELSOFT series (multiple FA engineering software products)
GT Designer3
GX Works3
MX Component
MX OPC Server DA/UA
Easysocket

Versions: Various versions as specified in vendor advisory (check specific product documentation)

Operating Systems: Windows

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when software is installed in a folder other than the default installation folder. Default installation path is not affected.

📦 What is this software?

Gx Works3 by Mitsubishielectric

View all CVEs affecting Gx Works3 →

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary code, steal sensitive industrial data, disrupt manufacturing processes, or cause physical damage to equipment.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to engineering data, configuration tampering, or service disruption affecting production systems.

🟢

If Mitigated

Limited impact if proper access controls, network segmentation, and least privilege principles are implemented, restricting local access to authorized personnel only.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over the internet.

🏢 Internal Only: HIGH - Critical risk for internal networks as local attackers (including malicious insiders or compromised accounts) can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires local access to the system. Exploitation is straightforward once an attacker gains local access to a system with vulnerable software installed in non-default location.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific product versions

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf

Restart Required: Yes

Instructions:

1. Review vendor advisory for affected products. 2. Download and install updated versions from Mitsubishi Electric support portal. 3. Restart affected systems after installation. 4. Verify installation in default folder only.

🔧 Temporary Workarounds

Reinstall in default location

windows

Uninstall software from non-default folder and reinstall in default installation folder

Uninstall via Control Panel > Programs and Features
Reinstall using default installation path

Restrict folder permissions

windows

Apply strict access controls to installation folders to prevent unauthorized modifications

icacls "C:\Program Files\Mitsubishi\" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"
icacls "C:\Program Files (x86)\Mitsubishi\" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"

🧯 If You Can't Patch

Ensure all installations use default folder paths only
Implement strict access controls and network segmentation to limit local access to critical systems

🔍 How to Verify

Check if Vulnerable:

Check installation path of Mitsubishi FA software - if installed in non-default folder (not under Program Files or Program Files (x86)), system is vulnerable.

Check Version:

Check software version through Control Panel > Programs and Features or software's About dialog

Verify Fix Applied:

Verify software is installed in default folder and check version matches patched version from vendor advisory.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to Mitsubishi software folders
Process creation from non-standard locations for Mitsubishi executables
Permission changes to installation directories

Network Indicators:

Unusual network traffic from engineering workstations to control systems
Unexpected connections to OPC servers or engineering interfaces

SIEM Query:

Process Creation where (ImagePath contains "Mitsubishi" OR ImagePath contains "MELSOFT") AND NOT (ImagePath contains "Program Files" OR ImagePath contains "Program Files (x86)")

📊 Metadata

CVE ID: CVE-2023-4088

CVSS v3 Score: 9.3 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-276

Published: September 20, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-4088, you might also want to check these: