Security Advisory

Mitsubishi Electric’s MELSEC iQ-R Safety CPU and SIL2 Process CPU Module

Incorrect Privilege Assignment

Risk Information

Limited Threat

CVE ID

CVE-2023-6815

Vunerability Type

Incorrect Privilege Assignment

CVSS3 Score

6.5

CVSSv3 Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

MELSEC iQ-R Series Safety CPU (R08/16/32/120SFCPU): all versions.

MELSEC iQ-R Series SIL2 Process CPU (R08/16/32/120PSFCPU): all versions.

Users with firmware 27 and higher can enable 'enhanced management'. Users with previous firmware must replace the hardware with a newer version.

02/13/2024