How severe is CVE-2023-0525?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-0525?

This is classified as CWE-261, which is a common weakness in software security.

CVE-2023-0525 - HIGH Severity | CVSS 7.5

Vulnerability Description

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

Related Vulnerabilities

CVE-2022-38469

HIGH

CVSS:7.5(High)

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.

CWE-2612022

CVE-2023-0356

HIGH

CVSS:7.5(High)

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

CWE-2612023

CVE-2023-7237

HIGH

CVSS:7.5(High)

Lantronix XPort sends weakly encoded credentials within web request headers.

CWE-2612023

CVE-2020-14481

HIGH

CVSS:7.8(High)

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows ...

CWE-2612020

CVE-2022-45099

HIGH

CVSS:7.8(High)

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full syst...

CWE-2612022

CVE-2024-45273

HIGH

CVSS:7.8(High)

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CWE-2612024