CVE-2023-3346

Published: Aug 3, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

Affected (21)

Products: Mitsubishielectric: C80 Firmware, E70 Firmware, E80 Firmware, M70v Firmware, M720vs Firmware, M720vs 15 Type Firmware, M720vw Firmware, M730vs Firmware, M730vs 15 Type Firmware, M730vw Firmware, M750vs Firmware, M750vs 15 Type Firmware, M750vw Firmware, M80 Firmware, M800s Firmware, M800vs Firmware, M800vw Firmware, M800w Firmware, M80v Firmware, M80vw Firmware, M80w Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric C80 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric C80	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric E70 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric E70	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric E80 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric E80	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M70v Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M70v	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M720vs Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M720vs	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M720vs 15 Type Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M720vs 15 Type	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M720vw Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M720vw	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M730vs Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M730vs	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M730vs 15 Type Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M730vs 15 Type	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M730vw Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M730vw	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M750vs Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M750vs	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M750vs 15 Type Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M750vs 15 Type	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M750vw Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M750vw	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M80 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M80	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M800s Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M800s	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M800vs Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M800vs	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M800vw Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M800vw	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M800w Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M800w	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M80v Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M80v	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M80vw Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M80vw	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric M80w Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric M80w	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

https://jvn.jp/vu/JVNVU90352157/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vendor Advisory

https://jvn.jp/vu/JVNVU90352157/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.