CVE-2023-4625
Summary
A vulnerability in the web server function of Mitsubishi Electric's MELSEC iQ-F Series CPU modules allows unauthenticated remote attackers to lock out legitimate users by repeatedly attempting unauthorized logins. The denial-of-service condition persists as long as the attacker continues their attempts.
IFF Assessment
This vulnerability allows attackers to disrupt legitimate access to critical industrial control system components, posing a direct threat to operational continuity.
Severity
Defender Context
This vulnerability affects industrial control systems, highlighting the need for robust access controls and monitoring for unusual authentication patterns on web interfaces of critical infrastructure. Defenders should prioritize patching or implementing compensating controls for this CVE to prevent denial-of-service attacks on operational technology.
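One way to monitor for the authentication pattern described above, as an added example that is not part of the original advisory or any vendor tooling: it finds sustained runs of failed logins against a single device, whose duration approximates how long legitimate users were locked out. The log layout, host names, addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; the field layout is an assumption, not a real device log format.
SAMPLE_LOG = """\
2024-01-10T07:55:00 src=10.0.5.40 dst=plc-01 result=ok
2024-01-10T08:00:00 src=10.0.5.23 dst=plc-01 result=fail
2024-01-10T08:00:20 src=10.0.5.24 dst=plc-01 result=fail
2024-01-10T08:00:30 src=10.0.5.40 dst=plc-02 result=fail
2024-01-10T08:00:40 src=10.0.5.23 dst=plc-01 result=fail
2024-01-10T08:01:00 src=10.0.5.24 dst=plc-01 result=fail
2024-01-10T08:01:20 src=10.0.5.23 dst=plc-01 result=fail
2024-01-10T08:01:40 src=10.0.5.24 dst=plc-01 result=fail
"""

def parse(line):
    """Split one 'timestamp key=value ...' line into (time, src, dst, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], kv["result"]

def find_sustained_failures(log_text, max_gap=timedelta(seconds=60), min_failures=5):
    """Report runs of failed logins against one device with no gap longer than max_gap.

    Failures are grouped by target device, not by source, because the lockout
    affects the device however many addresses the attempts come from.
    Both thresholds are assumed values to tune per site.
    """
    per_device = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, result = parse(line)
        if result == "fail":
            per_device[dst].append((ts, src))
    findings = []
    for device, events in per_device.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:  # None flushes the final run
            if ev is not None and ev[0] - run[-1][0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_failures:
                findings.append({"device": device, "failures": len(run),
                                 "start": run[0][0], "end": run[-1][0],
                                 "sources": sorted({s for _, s in run})})
            if ev is not None:
                run = [ev]
    return findings
```

On the sample, the six failures against `plc-01` form one finding even though neither source alone reaches the threshold, while the single failure on `plc-02` is ignored.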