CVE-2023-5247
📋 TL;DR
This vulnerability allows attackers to execute malicious code by tricking legitimate users into opening specially crafted project files in Mitsubishi Electric FA Engineering Software. It affects multiple industrial automation software products and could lead to information disclosure, data tampering, or denial-of-service conditions.
💻 Affected Systems
- Mitsubishi Electric FA Engineering Software Products
📦 What is this software?
- GX Works3 by Mitsubishi Electric
- MELSOFT iQ AppPortal by Mitsubishi Electric
- MELSOFT Navigator by Mitsubishi Electric
- Motion Control Setting by Mitsubishi Electric
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing data theft, manipulation of industrial processes, or permanent system damage leading to operational shutdown.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive engineering data and potential disruption of automation systems.
If Mitigated
Limited impact with proper file validation and user awareness, potentially only causing application crashes.
🎯 Exploit Status
Exploitation requires social engineering to get users to open malicious project files. No authentication bypass needed once file is opened.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific fixed versions
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdf
Restart Required: Yes
Instructions:
1. Review vendor advisory for affected products.
2. Download and install security updates from Mitsubishi Electric.
3. Restart affected systems.
4. Verify installation through version checks.
🔧 Temporary Workarounds
Restrict Project File Sources
Only open project files from trusted sources and implement file validation procedures
User Awareness Training
Train users to recognize suspicious project files and avoid opening untrusted files
🧯 If You Can't Patch
- Implement strict access controls to limit who can open project files
- Use application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check installed software versions against vendor advisory list of affected versions
Check Version:
Check through Windows Programs and Features or software's About dialog
Verify Fix Applied:
Verify software version matches or exceeds patched versions listed in vendor advisory
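One way to collect the installed versions for comparison against the vendor advisory, as an added example (not the vendor's or this site's script). The display-name patterns are assumptions based on the product names listed on this page; the script only reports what is installed and does not decide whether a version is affected.

```powershell
# Added example: inventory installed Mitsubishi Electric FA engineering products.
# ASSUMPTION: installed display names contain the product names listed on this page.
$namePatterns = @(
    '*GX Works3*',
    '*iQ AppPortal*',
    '*MELSOFT Navigator*',
    '*Motion Control Setting*'
)

# These uninstall keys back the "Programs and Features" list
# (native and 32-bit registry views; per-user installs under HKCU are not covered).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep entries whose display name matches any of the patterns.
            $name -and ($namePatterns | Where-Object { $name -like $_ })
        } |
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                      DisplayName, DisplayVersion, Publisher, InstallDate
}

if ($found) {
    # Compare DisplayVersion by hand against the fixed versions in the vendor advisory.
    $found | Sort-Object DisplayName, DisplayVersion -Unique | Format-Table -AutoSize
} else {
    Write-Output 'No matching FA engineering software found in the uninstall registry keys.'
}
```

Run it on each engineering workstation and record the output before and after patching to confirm the version change.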
📡 Detection & Monitoring
Log Indicators:
- Unexpected process execution from project file opening
- Application crashes when opening project files
- Unusual file access patterns
Network Indicators:
- Unusual outbound connections after opening project files
SIEM Query:
Process creation events from FA engineering software with suspicious parent processes or command line arguments