Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Mitsubishi Electric Corporation - MITSUBISHI CNC M800V Series M800VW

cve-2023-3346

Vulnerability from cvelistv5

Published

2023-08-03 04:00

Modified

2024-08-02 06:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series

References

▼	URL	Tags
	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf	vendor-advisory
	https://jvn.jp/vu/JVNVU90352157/index.html	government-resource
	https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03	government-resource

Impacted products

▼	Vendor	Product
	Mitsubishi Electric Corporation	MITSUBISHI CNC M800V Series M800VW
	Mitsubishi Electric Corporation	MITSUBISHI CNC M800V Series M800VS
	Mitsubishi Electric Corporation	MITSUBISHI CNC M80V Series M80V
	Mitsubishi Electric Corporation	MITSUBISHI CNC M80V Series M80VW
	Mitsubishi Electric Corporation	MITSUBISHI CNC M800 Series M800W
	Mitsubishi Electric Corporation	MITSUBISHI CNC M800 Series M800S
	Mitsubishi Electric Corporation	MITSUBISHI CNC M80 Series M80
	Mitsubishi Electric Corporation	MITSUBISHI CNC M80 Series M80W
	Mitsubishi Electric Corporation	MITSUBISHI CNC E80 Series E80
	Mitsubishi Electric Corporation	MITSUBISHI CNC C80 Series C80
	Mitsubishi Electric Corporation	MITSUBISHI CNC M700V Series M720VW
	Mitsubishi Electric Corporation	MITSUBISHI CNC M700V Series M730VW
	Mitsubishi Electric Corporation	MITSUBISHI CNC M700V Series M750VW
	Mitsubishi Electric Corporation	MITSUBISHI CNC M700V Series M720VS
	Mitsubishi Electric Corporation	MITSUBISHI CNC M700V Series M730VS
	Mitsubishi Electric Corporation	MITSUBISHI CNC M700V Series M750VS
	Mitsubishi Electric Corporation	MITSUBISHI CNC M70V Series M70V
	Mitsubishi Electric Corporation	MITSUBISHI CNC E70 Series E70
	Mitsubishi Electric Corporation	MITSUBISHI CNC IoT Unit Remote Service Gateway Unit
	Mitsubishi Electric Corporation	MITSUBISHI CNC IoT Unit Data Acquisition Unit

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU90352157/index.html"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M800V Series M800VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2051W000 versions A8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M800V Series M800VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2052W000 versions A8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M80V Series M80V",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2053W000 versions A8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M80V Series M80VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2054W000 versions A8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M800 Series M800W",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2005W000 versions FB and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M800 Series M800S",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2006W000 versions FB and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M80 Series M80",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2007W000 versions FB and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M80 Series M80W",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2008W000 versions FB and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC E80 Series E80",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2009W000 versions FB and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC C80 Series C80",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2036W000 versions BF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M700V Series M720VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1015W000 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M700V Series M730VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1015W000 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M700V Series M750VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1015W002 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M700V Series M720VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1012W000 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M700V Series M730VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1012W000 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M700V Series M750VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1012W002 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC M70V Series M70V",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1018W000 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC E70 Series E70",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1022W000 versions LF and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC IoT Unit Remote Service Gateway Unit",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2041W001 versions AD and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MITSUBISHI CNC IoT Unit Data Acquisition Unit",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2041W002 all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."
            }
          ],
          "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service (DoS)"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-30T08:56:07.198Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU90352157/index.html"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-3346",
    "datePublished": "2023-08-03T04:00:43.294Z",
    "dateReserved": "2023-06-21T00:16:48.923Z",
    "dateUpdated": "2024-08-02T06:55:02.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}