How severe is CVE-2023-4699?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-4699?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2023-4699

CRITICAL Year: 2023

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-306

View all →

Vulnerability Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.

CVE-2018-19248

CRITICAL

CVSS:9.1(Critical)

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer w...

CWE-3062018

CVE-2019-10668

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose informat...

CWE-3062019

CVE-2019-11496

CRITICAL

CVSS:9.1(Critical)

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets inc...

CWE-3062019

CVE-2019-17512

CRITICAL

CVSS:9.1(Critical)

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which ...

CWE-3062019

CVE-2019-4244

CRITICAL

CVSS:9.1(Critical)

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-F...

CWE-3062019

CVE-2019-5077

CRITICAL

CVSS:9.1(Critical)

An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware vers...

CWE-3062019

CVE-2023-4699

Vulnerability Description

Related Vulnerabilities

CVE-2018-19248

CVE-2019-10668

CVE-2019-11496

CVE-2019-17512

CVE-2019-4244

CVE-2019-5077