CVE-2023-6943

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on affected Mitsubishi Electric industrial control software by exploiting unsafe reflection in its RPC communications. An attacker can specify the path of a malicious library, which the software then loads and executes. Affected products include EZSocket, GT Designer3, GX Works2/3, MELSOFT Navigator, MT Works2, MX Component, and MX OPC Server DA/UA.

💻 Affected Systems

Products:
  • EZSocket
  • GT Designer3 Version1(GOT1000)
  • GT Designer3 Version1(GOT2000)
  • GX Works2
  • GX Works3
  • MELSOFT Navigator
  • MT Works2
  • MX Component
  • MX OPC Server DA/UA
Versions: EZSocket 3.0-5.92, GT Designer3(GOT1000) up to 1.325P, GT Designer3(GOT2000) up to 1.320J, GX Works2 1.11M-1.626C, GX Works3 up to 1.106L, MELSOFT Navigator 1.04E-2.102G, MT Works2 up to 1.190Y, MX Component 4.00A-5.007H, MX OPC Server DA/UA all versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All affected products are vulnerable in their default configurations when RPC services are enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code with the highest privileges, potentially leading to industrial process disruption, data theft, or ransomware deployment across critical infrastructure.

🟠 Likely Case

Remote code execution leading to industrial control system compromise, data exfiltration, or lateral movement within OT networks.

🟢 If Mitigated

Limited impact if systems are air-gapped, strictly segmented, and protected by access controls that prevent unauthorized RPC connections.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows attackers to compromise systems directly exposed to the internet without any authentication.
🏢 Internal Only: HIGH - Even internally, the unauthenticated nature makes this easily exploitable by any attacker who gains network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and involves simple RPC manipulation, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by product - refer to Mitsubishi Electric advisory for specific fixed versions

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf

Restart Required: Yes

Instructions:

1. Download the appropriate patches from the Mitsubishi Electric support portal.
2. Apply the patches according to the vendor's instructions.
3. Restart the affected systems.
4. Verify patch installation and functionality.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate affected systems from untrusted networks using firewalls and VLANs.

Disable Unnecessary RPC Services (platform: Windows)

Disable RPC services if they are not required for operations.

🧯 If You Can't Patch

  • Implement strict network access controls allowing only trusted IP addresses to connect to RPC services
  • Deploy intrusion detection systems monitoring for RPC exploitation patterns and unauthorized library loading

🔍 How to Verify

Check if Vulnerable:

Check installed software versions against the affected version ranges listed in the advisory.

Check Version:

Check via Windows Programs and Features or the software's About dialog.

Verify Fix Applied:

Verify that the installed version is above the affected range and test that RPC functionality remains operational.
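As an added verification aid (not part of this advisory or of Mitsubishi Electric's tooling), the following PowerShell reads installed product names and versions from the Windows Uninstall registry keys and compares them with the affected ranges listed above. The product DisplayName strings and the "1.626C"-style version format (integer major.minor parts plus a revision letter) are assumptions; confirm any result against the vendor advisory.

```powershell
# Added example (not from the advisory): compare installed MELSOFT product versions, read from the
# Windows Uninstall registry keys, with the affected ranges listed above. Assumes DisplayName contains
# the names below and DisplayVersion uses Mitsubishi's "1.626C" form (integer parts + revision letter).
$Affected = @(
    @{ Name = 'EZSocket';                       Min = '3.0';   Max = '5.92'   },
    @{ Name = 'GT Designer3 Version1(GOT1000)'; Min = $null;   Max = '1.325P' },  # $null Min = "up to"
    @{ Name = 'GT Designer3 Version1(GOT2000)'; Min = $null;   Max = '1.320J' },
    @{ Name = 'GX Works2';                      Min = '1.11M'; Max = '1.626C' },
    @{ Name = 'GX Works3';                      Min = $null;   Max = '1.106L' },
    @{ Name = 'MELSOFT Navigator';              Min = '1.04E'; Max = '2.102G' },
    @{ Name = 'MT Works2';                      Min = $null;   Max = '1.190Y' },
    @{ Name = 'MX Component';                   Min = '4.00A'; Max = '5.007H' },
    @{ Name = 'MX OPC Server';                  Min = $null;   Max = $null    }   # $null Max = all versions
)
function ConvertTo-MelsoftVersion([string]$Text) {
    # "1.626C" -> Major=1, Minor=626, Rev="C"; numeric parts are compared as integers (assumption)
    if ($Text -match '^\s*(\d+)\.(\d+)\s*([A-Za-z]?)') {
        return [pscustomobject]@{ Major = [int]$Matches[1]; Minor = [int]$Matches[2]; Rev = $Matches[3].ToUpper() }
    }
    return $null
}
function Compare-MelsoftVersion($A, $B) {
    # Comparator semantics (-1, 0, 1): major, then minor, then revision letter
    if ($A.Major -ne $B.Major) { return [math]::Sign($A.Major - $B.Major) }
    if ($A.Minor -ne $B.Minor) { return [math]::Sign($A.Minor - $B.Minor) }
    return [math]::Sign([string]::CompareOrdinal($A.Rev, $B.Rev))
}
function Test-Cve20236943Exposure {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
                 Where-Object { $_.DisplayName -and $_.DisplayVersion }
    foreach ($product in $Affected) {
        foreach ($app in ($installed | Where-Object { $_.DisplayName -like "*$($product.Name)*" })) {
            $v = ConvertTo-MelsoftVersion $app.DisplayVersion
            $status = 'UNKNOWN (unparseable version string)'
            if ($v) {
                $aboveMin = (-not $product.Min) -or ((Compare-MelsoftVersion $v (ConvertTo-MelsoftVersion $product.Min)) -ge 0)
                $aboveMax = [bool]$product.Max -and ((Compare-MelsoftVersion $v (ConvertTo-MelsoftVersion $product.Max)) -gt 0)
                if ($aboveMax)     { $status = 'ABOVE AFFECTED RANGE (confirm fixed version in vendor advisory)' }
                elseif ($aboveMin) { $status = 'AFFECTED' }
                else               { $status = 'BELOW LISTED RANGE (not listed as affected; confirm with vendor)' }
            }
            [pscustomobject]@{ Product = $app.DisplayName; Version = $app.DisplayVersion; Status = $status }
        }
    }
}
Test-Cve20236943Exposure | Format-Table -AutoSize
```

Run it in an elevated PowerShell on each engineering workstation; a product reported as ABOVE AFFECTED RANGE still needs the functional RPC test described above.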

📡 Detection & Monitoring

Log Indicators:

  • Unusual RPC connections from unauthorized sources
  • Failed library loading attempts
  • Process creation from unexpected paths

Network Indicators:

  • RPC traffic to affected software ports from unauthorized sources
  • Unusual library path specifications in RPC calls

SIEM Query:

source_ip NOT IN (trusted_ips) AND dest_port IN (135, 445, [software_specific_ports]) AND protocol=rpc
