Vulnerability Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Ds Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Ds | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Dss Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Dss | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Es Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Es | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Ess Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mr\/Ess | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Ds Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Ds | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Dss Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Dss | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Es Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Es | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Ess Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-32Mt\/Ess | - |
| Mitsubishielectric | Melsec Iq-Fx5U-64Mr\/Ds Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-64Mr\/Ds | - |
| Mitsubishielectric | Melsec Iq-Fx5U-64Mr\/Dss Firmware | - |
| Mitsubishielectric | Melsec Iq-Fx5U-64Mr\/Dss | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU94650413Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdfPatchVendor Advisory
- https://jvn.jp/vu/JVNVU94650413Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdfPatchVendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727
FAQ
What is CVE-2023-1424?
CVE-2023-1424 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remot...
How severe is CVE-2023-1424?
CVE-2023-1424 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-1424?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Melsec Iq-Fx5U-32Mr\/Ds Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mr\/Ds, Mitsubishielectric Melsec Iq-Fx5U-32Mr\/Dss Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mr\/Dss, Mitsubishielectric Melsec Iq-Fx5U-32Mr\/Es Firmware.