Vulnerability Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, a system reset is required for recovery.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | C80 Firmware | - |
| Mitsubishielectric | C80 | - |
| Mitsubishielectric | E70 Firmware | - |
| Mitsubishielectric | E70 | - |
| Mitsubishielectric | E80 Firmware | - |
| Mitsubishielectric | E80 | - |
| Mitsubishielectric | M70V Firmware | - |
| Mitsubishielectric | M70V | - |
| Mitsubishielectric | M720Vs Firmware | - |
| Mitsubishielectric | M720Vs | - |
| Mitsubishielectric | M720Vs 15-Type Firmware | - |
| Mitsubishielectric | M720Vs 15-Type | - |
| Mitsubishielectric | M720Vw Firmware | - |
| Mitsubishielectric | M720Vw | - |
| Mitsubishielectric | M730Vs Firmware | - |
| Mitsubishielectric | M730Vs | - |
| Mitsubishielectric | M730Vs 15-Type Firmware | - |
| Mitsubishielectric | M730Vs 15-Type | - |
| Mitsubishielectric | M730Vw Firmware | - |
| Mitsubishielectric | M730Vw | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU90352157/index.html (Third Party Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 (Third Party Advisory, US Government Resource)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf (Vendor Advisory)
FAQ
What is CVE-2023-3346?
CVE-2023-3346 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition and exe...
How severe is CVE-2023-3346?
CVE-2023-3346 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-3346?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric C80 Firmware, Mitsubishielectric C80, Mitsubishielectric E70 Firmware, Mitsubishielectric E70, Mitsubishielectric E80 Firmware.