CVE-2023-6943: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Mitsubishi Electric Corporation EZSocket

Critical
Published: Tue Jan 30 2024 (01/30/2024, 09:09:29 UTC)
Source: CVE Database V5
Vendor/Project: Mitsubishi Electric Corporation
Product: EZSocket

Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute malicious code by RPC with a path to a malicious library while connected to the products.

AI-Powered Analysis

Last updated: 07/08/2025, 14:24:49 UTC

Technical Analysis

CVE-2023-6943 is a critical vulnerability classified under CWE-470, which involves the use of externally-controlled input to select classes or code, commonly referred to as 'Unsafe Reflection.' This vulnerability affects multiple Mitsubishi Electric Corporation products, specifically EZSocket versions 3.0 to 5.92, GT Designer3 Version1 (GOT1000) versions 1.325P and prior, GT Designer3 Version1 (GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H, and MX OPC Server DA/UA all versions.

The vulnerability allows a remote unauthenticated attacker to execute arbitrary malicious code by exploiting the Remote Procedure Call (RPC) interface. The attacker can supply a path to a malicious library, which the vulnerable software loads and executes. This unsafe reflection flaw arises because the software does not properly validate or restrict the input used to dynamically select and load classes or code modules, enabling attackers to control the execution flow remotely without authentication or user interaction.

The CVSS v3.1 score of 9.8 (Critical) reflects the high severity, with metrics indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the ease of exploitation and the critical impact make this vulnerability a significant threat to affected environments, particularly industrial control systems and automation environments where Mitsubishi Electric products are widely deployed.
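The CWE-470 pattern described above, next to the usual fix, as an added illustration that is not code from any Mitsubishi Electric product: the peer selects a module by logical ID from a fixed allowlist instead of supplying a path. The directory, module IDs, file names and function names are all hypothetical.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical values for illustration; not taken from any Mitsubishi Electric product.
PLUGIN_DIR = r"C:\Program Files\ExampleVendor\plugins"
ALLOWED_MODULES = {            # logical ID sent by the peer -> fixed file name
    "serial": "comm_serial.dll",
    "ethernet": "comm_ethernet.dll",
}


class RejectedModule(ValueError):
    """The request did not name an allowlisted module."""


def resolve_unsafe(requested: str) -> str:
    # CWE-470 pattern: the peer's string becomes the library path unchanged.
    return requested


def resolve_safe(requested: str) -> str:
    # The peer may only choose among known IDs; it never supplies a path.
    file_name = ALLOWED_MODULES.get(requested)
    if file_name is None:
        raise RejectedModule(f"unknown module id: {requested!r}")
    path = ntpath.normpath(ntpath.join(PLUGIN_DIR, file_name))
    # Defence in depth: a bad allowlist entry must not escape PLUGIN_DIR.
    if ntpath.dirname(path).lower() != PLUGIN_DIR.lower():
        raise RejectedModule(f"allowlist entry leaves plug-in dir: {file_name!r}")
    return path


def audit(requests):
    """Return (request, decision) pairs for a batch of requested module strings."""
    results = []
    for req in requests:
        try:
            results.append((req, "load " + resolve_safe(req)))
        except RejectedModule:
            results.append((req, "reject"))
    return results


# Constructed sample requests: one valid ID and three path-shaped or unknown values.
SAMPLE = ["serial", r"C:\Temp\other.dll", r"..\other.dll", "usb"]

if __name__ == "__main__":
    for req, decision in audit(SAMPLE):
        print(f"{req!r:25} -> {decision}")
```

Because the lookup key is never interpreted as a path, there is no filtering logic to bypass; anything outside the allowlist is rejected before a path is built.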

Potential Impact

For European organizations, the impact of CVE-2023-6943 is substantial, especially for those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors that rely on Mitsubishi Electric's automation and control software. Successful exploitation could lead to full system compromise, allowing attackers to execute arbitrary code remotely, potentially disrupting industrial processes, causing equipment malfunction, data breaches, or even physical damage. The lack of authentication and user interaction requirements increases the risk of automated or worm-like propagation within networks. Confidentiality breaches could expose sensitive operational data, while integrity and availability impacts could halt production lines or critical infrastructure services, leading to financial losses, safety hazards, and regulatory non-compliance under frameworks such as NIS2 and GDPR.

Mitigation Recommendations

1. Immediate patching: Organizations should prioritize updating all affected Mitsubishi Electric products to the latest versions where the vulnerability is patched. If patches are not yet available, apply any vendor-recommended workarounds or mitigations.
2. Network segmentation: Isolate vulnerable devices and systems from general IT networks and restrict RPC access using firewalls and network access controls to limit exposure.
3. RPC filtering and monitoring: Implement strict filtering of RPC traffic to allow only trusted sources and monitor for anomalous RPC requests that could indicate exploitation attempts.
4. Application whitelisting: Use application control solutions to prevent unauthorized libraries or code from loading on systems running Mitsubishi Electric software.
5. Intrusion detection and prevention: Deploy IDS/IPS solutions tuned to detect exploitation attempts targeting unsafe reflection vulnerabilities.
6. Incident response readiness: Prepare and test incident response plans specific to industrial control system compromises, including backups and recovery procedures.
7. Vendor engagement: Maintain communication with Mitsubishi Electric for timely updates, patches, and guidance.
8. Asset inventory and risk assessment: Identify all affected products in the environment and assess risk exposure to prioritize remediation efforts.
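For the asset inventory step, an added example (not vendor tooling) that checks installed versions against the affected ranges listed in the description. It assumes versions order by their numeric major and minor parts with the trailing letter ignored; the host names and installed versions are constructed.

```python
import re

# Affected ranges transcribed from the advisory: (lowest, highest); None = unbounded.
AFFECTED = {
    "EZSocket": ("3.0", "5.92"),
    "GT Designer3 Version1(GOT1000)": (None, "1.325P"),
    "GT Designer3 Version1(GOT2000)": (None, "1.320J"),
    "GX Works2": ("1.11M", None),
    "GX Works3": (None, "1.106L"),
    "MELSOFT Navigator": ("1.04E", "2.102G"),
    "MT Works2": (None, "1.190Y"),
    "MX Component": ("4.00A", "5.007H"),
    "MX OPC Server DA/UA": (None, None),
}

def parse_version(text):
    """'1.106L' -> (1, 106). Assumption: the trailing letter does not affect ordering."""
    m = re.fullmatch(r"(\d+)\.(\d+)[A-Z]?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def is_affected(product, version):
    if product not in AFFECTED:
        return False
    low, high = AFFECTED[product]
    v = parse_version(version)
    if low is not None and v < parse_version(low):
        return False
    if high is not None and v > parse_version(high):
        return False
    return True

def triage(inventory):
    """inventory: iterable of (host, product, version); returns the affected rows."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed inventory; host names and installed versions are made up.
INVENTORY = [
    ("eng-ws-01", "GX Works3", "1.106L"),
    ("eng-ws-02", "GX Works3", "1.110Q"),
    ("hmi-dev-01", "GT Designer3 Version1(GOT2000)", "1.300N"),
    ("opc-01", "MX OPC Server DA/UA", "7.04"),
]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

A version string that does not match the expected format raises `ValueError` rather than being silently classified, so such rows need manual review.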

Technical Details

Data Version: 5.1
Assigner Short Name: Mitsubishi
Date Reserved: 2023-12-19T08:00:07.140Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683a035b182aa0cae2bd1b6c

Added to database: 5/30/2025, 7:13:31 PM

Last enriched: 7/8/2025, 2:24:49 PM

Last updated: 8/10/2025, 10:23:05 PM
