Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.
References
| Link | Resource |
|---|---|
| https://jvn.jp/vu/JVNVU90352157/index.html | Third Party Advisory |
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 | Third Party Advisory US Government Resource |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf | Vendor Advisory |
| https://jvn.jp/vu/JVNVU90352157/index.html | Third Party Advisory |
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 | Third Party Advisory US Government Resource |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
History
21 Nov 2024, 08:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://jvn.jp/vu/JVNVU90352157/index.html - Third Party Advisory | |
| References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 - Third Party Advisory, US Government Resource | |
| References | () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf - Vendor Advisory |
11 Aug 2023, 21:01
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-120 | |
| CPE | cpe:2.3:o:mitsubishielectric:m80_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m720vs:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:e80:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m730vs_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:e70:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m730vs_15-type_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m750vs:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m750vs_15-type:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m750vw:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m80vw_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m800s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m720vw_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m730vs:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m730vs_15-type:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m800w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m750vw_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m70v_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m80vw:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m800s:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m720vs_15-type:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:e80_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m80w:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m800vs_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m80v:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m750vs_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:c80:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m730vw:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:e70_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m80:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m800vs:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m800w:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m800vw_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m750vs_15-type_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m80w_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m800vw:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:c80_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m720vs_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m80v_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m730vw_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m720vw:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:m70v:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:m720vs_15-type_firmware:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 - Third Party Advisory, US Government Resource | |
| References | (MISC) https://jvn.jp/vu/JVNVU90352157/index.html - Third Party Advisory | |
| References | (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf - Vendor Advisory |
03 Aug 2023, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-03 05:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3346
Mitre link : CVE-2023-3346
CVE.ORG link : CVE-2023-3346
JSON object : View
Products Affected
mitsubishielectric
- m80vw
- m800s
- m750vw_firmware
- m720vs_15-type_firmware
- e70
- m800vs
- m730vw_firmware
- m800vw_firmware
- m730vs_firmware
- m720vs_15-type
- m70v_firmware
- m720vs
- m720vw
- m750vs
- m800vw
- m720vw_firmware
- e70_firmware
- m800s_firmware
- m80w
- m750vw
- m750vs_15-type
- m730vs
- e80
- m80
- m80w_firmware
- c80
- c80_firmware
- m750vs_15-type_firmware
- m730vs_15-type_firmware
- m730vs_15-type
- m70v
- m80vw_firmware
- m80_firmware
- m800w
- m750vs_firmware
- m730vw
- m80v_firmware
- m800vs_firmware
- m800w_firmware
- m80v
- m720vs_firmware
- e80_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')