CVE-2023-4625

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 6, 2023
Updated: Feb 15, 2024
CWE ID 307

Summary

CVE-2023-4625 is a vulnerability affecting Mitsubishi Electric Corporation's MELSEC iQ-F/iQ-R Series CPU modules. The issue lies in the Web server function, which fails to adequately limit excessive authentication attempts. An unauthenticated attacker can initiate multiple illegitimate login attempts, leading to a denial-of-service condition. Legitimate users are unable to log in to the Web server function until the attacker ceases their unauthorized attempts, making this a significant security concern.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share