ByteOS Network

Vulnerability Details :

CVE-2023-3346

Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad

Published At-03 Aug, 2023 | 04:00

Updated At-04 Dec, 2024 | 15:16

Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Mitsubishi

Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad

Published At:03 Aug, 2023 | 04:00

Updated At:04 Dec, 2024 | 15:16

▼CVE Numbering Authority (CNA)

Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series

Affected Products

Vendor

Hyperlink	Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf	vendor-advisory
https://jvn.jp/vu/JVNVU90352157/index.html	government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03	government-resource

Hyperlink	Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf	vendor-advisory x_transferred
https://jvn.jp/vu/JVNVU90352157/index.html	government-resource x_transferred
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03	government-resource x_transferred

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov
CWE-120	Secondary	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Hyperlink	Source	Resource
https://jvn.jp/vu/JVNVU90352157/index.html	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	Vendor Advisory

CVE-2023-3346

Credits

Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics