PatchSiren cyber security CVE debrief
CVE-2023-51778 Mitsubishi Electric CVE debrief
CVE-2023-51778 is a local denial-of-service vulnerability affecting 37 Mitsubishi Electric FA engineering software products. If malicious code executes on a computer where affected software is installed, a local attacker can trigger a Windows blue screen error, resulting in denial-of-service. The vulnerability requires local access, low privileges, and user interaction, with high attack complexity. CISA published this advisory on May 14, 2024, with the most recent update (Update E) on January 15, 2026, adding version information to affected product and mitigation sections. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Mitsubishi Electric
- Product: CPU Module Logging Configuration Tool
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2026-01-15
- Advisory published: 2024-05-14
- Advisory updated: 2026-01-15
Who should care
Organizations using Mitsubishi Electric FA engineering software in industrial automation environments, particularly those with engineering workstations accessible to multiple users or connected to operational networks. System administrators responsible for maintaining PLC programming environments and industrial control system security should prioritize patching based on product deployment.
Technical summary
This vulnerability affects 37 Mitsubishi Electric FA engineering software products including GX Works2, GX Works3, GT Designer3, MX Component, and various configuration and interface tools. The vulnerability is triggered when malicious code executes on a system with affected software installed, allowing a local attacker with low privileges to cause a Windows blue screen error. The attack requires user interaction and has high complexity. CVSS 3.1 vector: AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H. Vendor fixes and mitigations are available with specific version updates required per product.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to affected Mitsubishi Electric FA engineering software products per product-specific version guidance in the CISA advisory
- For products without specific patch versions available, contact your place of purchase for assistance with obtaining updates
- Implement defense-in-depth strategies for industrial control systems environments per CISA recommended practices
- Restrict local access to engineering workstations running affected software to authorized personnel only
- Monitor for unexpected system crashes or blue screen errors on systems running affected Mitsubishi Electric software
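One way to act on the crash-monitoring recommendation above, as an added example that is not taken from the CISA advisory or from Mitsubishi Electric: a PowerShell check that reports recent bugcheck events on a workstation together with any installed Mitsubishi Electric software. The `*MITSUBISHI*` publisher pattern and the 30-day look-back window are assumptions; adjust both to your environment.

```powershell
# Added example: correlate blue screen events with installed Mitsubishi
# Electric software on one engineering workstation.
param(
    [int]$Days = 30,                            # look-back window (assumption)
    [string]$PublisherPattern = '*MITSUBISHI*'  # assumed Publisher match
)

# Installed-software inventory from the standard uninstall registry keys
# (64-bit and 32-bit views). Entries without a Publisher value do not match.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.Publisher -like $PublisherPattern })

# Crash-related events in the System log:
#   1001 Microsoft-Windows-WER-SystemErrorReporting: rebooted from a bugcheck
#   41   Microsoft-Windows-Kernel-Power: rebooted without a clean shutdown
#        (also logged after power loss, so treat it as supporting evidence)
$since = (Get-Date).AddDays(-$Days)
$filters = @(
    @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
       Id = 1001; StartTime = $since },
    @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Power'
       Id = 41; StartTime = $since }
)
# Get-WinEvent reports an error when nothing matches; suppress it so a clean
# machine yields an empty list instead.
$crashes = @(foreach ($f in $filters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
}) | Sort-Object TimeCreated

# One record per machine, suitable for ConvertTo-Json when collecting a fleet.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    Products    = @($installed | ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" })
    Crashes     = @($crashes | ForEach-Object {
                      '{0:s} id={1} {2}' -f $_.TimeCreated, $_.Id, $_.ProviderName })
    NeedsReview = ($installed.Count -gt 0 -and @($crashes).Count -gt 0)
}
```

`NeedsReview` only flags that crashes and affected-vendor software coexist on the machine; compare the listed product versions against the fixed versions in the CISA advisory before drawing conclusions.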
Evidence notes
CVE description and affected product list derived from CISA CSAF advisory ICSA-24-135-04. CVSS 3.1 score of 4.4 (MEDIUM) confirmed from source. Timeline based on CVE published date (2024-05-14) and source modification date (2026-01-15). Not a KEV entry per enrichment data.
Official resources
- CVE-2023-51778 CVE record (CVE.org)
- CVE-2023-51778 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-05-14