CVE-2023-6942

7.5 HIGH

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to bypass authentication in multiple Mitsubishi Electric industrial software products by sending specially crafted packets. Affected systems include EZSocket, GT Designer3, GX Works2/3, MELSOFT Navigator, MT Works2, MX Component, and MX OPC Server DA/UA. Attackers can connect to these products illegally without valid credentials.

💻 Affected Systems

Products:
  • EZSocket
  • GT Designer3 Version1(GOT1000)
  • GT Designer3 Version1(GOT2000)
  • GX Works2
  • GX Works3
  • MELSOFT Navigator
  • MT Works2
  • MX Component
  • MX OPC Server DA/UA
Versions: EZSocket 3.0-5.92, GT Designer3(GOT1000) up to 1.325P, GT Designer3(GOT2000) up to 1.320J, GX Works2 1.11M-1.626C, GX Works3 up to 1.106L, MELSOFT Navigator 1.04E-2.102G, MT Works2 up to 1.190Y, MX Component 4.00A-5.007H, MX OPC Server DA/UA all versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configurations are vulnerable. These are industrial control system (ICS) software products used for programming and configuring Mitsubishi Electric PLCs and HMIs.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems, unauthorized access to critical automation functions, potential manipulation of industrial processes, and disruption of manufacturing operations.

🟠 Likely Case

Unauthorized access to engineering workstations, theft of intellectual property, configuration tampering, and potential disruption of industrial operations.

🟢 If Mitigated

Limited impact with proper network segmentation, but still exposes systems to reconnaissance and potential lateral movement.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows attackers to directly target exposed systems without any credentials.
🏢 Internal Only: HIGH - Even internally, unauthenticated attackers on the network can exploit this vulnerability to gain unauthorized access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specially crafted packets but does not require authentication. The specific packet format is not publicly documented in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by product - see vendor advisory for specific fixed versions

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf

Restart Required: Yes

Instructions:

1. Review the vendor advisory for specific fixed versions for each product.
2. Download and install the latest versions from Mitsubishi Electric's official website.
3. Restart affected systems after installation.
4. Verify the update was successful by checking version numbers.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected systems in separate network segments with strict firewall rules to prevent unauthorized access.

Access Control Lists

all

Implement strict network access controls to limit connections to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from untrusted networks
  • Deploy intrusion detection systems to monitor for authentication bypass attempts

🔍 How to Verify

Check if Vulnerable:

Check installed software versions against the affected version ranges listed in the vendor advisory.

Check Version:

Check version through each product's 'About' or 'Help' menu, or via Windows Programs and Features control panel.

Verify Fix Applied:

Verify that software versions have been updated to versions beyond those listed in the affected ranges.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful connections
  • Unusual connection patterns to affected software ports
  • Connections from unexpected IP addresses

Network Indicators:

  • Unusual traffic patterns to ports used by affected Mitsubishi software
  • Authentication bypass attempts detected via packet inspection

SIEM Query:

source_ip NOT IN (trusted_ips) AND dest_port IN (affected_software_ports) AND auth_result='success'
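
The SIEM query and the first log indicator above, written out as an added Python example (not part of the advisory or any vendor tooling). The event fields, port numbers, networks and the 60-second correlation window are assumptions, since the page does not list the actual ports or log format.

```python
import ipaddress

# Assumptions (not from the advisory): the field layout, port numbers and
# networks below are placeholders; substitute values from your own environment.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # engineering workstations
MONITORED_PORTS = {40001, 40002}                        # placeholder port numbers
WINDOW_S = 60                                           # failure -> success window

# Constructed sample events: (epoch seconds, source IP, dest port, auth result)
SAMPLE_EVENTS = [
    (1000, "192.0.2.5", 40001, "success"),     # trusted workstation
    (1010, "198.51.100.7", 40001, "failure"),
    (1030, "198.51.100.7", 40001, "success"),  # untrusted, right after a failure
    (1040, "203.0.113.9", 40002, "success"),   # untrusted, no prior failure
    (1050, "203.0.113.9", 8080, "success"),    # port not monitored
    (1200, "192.0.2.6", 40002, "failure"),
    (1400, "192.0.2.6", 40002, "success"),     # trusted, failure outside window
]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def detect(events):
    """Return (timestamp, source_ip, dest_port, rule) alerts in time order."""
    alerts = []
    last_failure = {}  # (source_ip, dest_port) -> time of most recent failure
    for ts, src, port, result in sorted(events):
        if port not in MONITORED_PORTS:
            continue
        key = (src, port)
        if result == "failure":
            last_failure[key] = ts
            continue
        if result != "success":
            continue
        # Rule 1: the SIEM query (untrusted source, monitored port, success).
        if not is_trusted(src):
            alerts.append((ts, src, port, "untrusted_success"))
        # Rule 2: failed authentication followed by a success within WINDOW_S.
        failed_at = last_failure.pop(key, None)
        if failed_at is not None and ts - failed_at <= WINDOW_S:
            alerts.append((ts, src, port, "failure_then_success"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```
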
