CVE-2023-6943

CRITICAL
Published Jan 30, 2024 Modified Sep 19, 2025 CWE-470

Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-470 CWE-470

Affected Products

Vendor Product
mitsubishielectric ezsocket
mitsubishielectric fr_configurator2
mitsubishielectric got1000
mitsubishielectric got2000
mitsubishielectric gx_works2
mitsubishielectric gx_works3
mitsubishielectric mc_works64
mitsubishielectric melsoft_navigator
mitsubishielectric mt_works2
mitsubishielectric mx_component

References

Frequently Asked Questions

What is CVE-2023-6943? +
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2023-6943? +
CVE-2023-6943 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2023-6943? +
CVE-2023-6943 affects products from mitsubishielectric, specifically: ezsocket, fr_configurator2, got1000, got2000, gx_works2, gx_works3, mc_works64, melsoft_navigator, mt_works2, mx_component. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-6943? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-2794

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service …
CVE-2025-53693 9.8

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience …
CVE-2025-34393 9.8

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name …
CVE-2026-42027 9.8

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(Class, String) …
CVE-2025-63690 9.1

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system …
CVE-2024-8015 9.1

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-6943 — free, no signup required.

Start Free Scan