Action not permitted
Modal body text goes here.
ghsa-jrmr-8594-crxx
Vulnerability from github
Published
2023-05-24 06:30
Modified
2024-04-04 04:19
Severity ?
Details
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
{ "affected": [], "aliases": [ "CVE-2023-1424" ], "database_specific": { "cwe_ids": [ "CWE-120" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-05-24T05:15:08Z", "severity": "HIGH" }, "details": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.", "id": "GHSA-jrmr-8594-crxx", "modified": "2024-04-04T04:19:31Z", "published": "2023-05-24T06:30:24Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1424" }, { "type": "WEB", "url": "https://jvn.jp/vu/JVNVU94650413" }, { "type": "WEB", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03" }, { "type": "WEB", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
cve-2023-1424
Vulnerability from cvelistv5
Published
2023-05-24 04:39
Modified
2024-08-02 05:49
Severity ?
EPSS score ?
Summary
Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:49:11.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727" }, { "tags": [ "x_transferred" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/vu/JVNVU94650413" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-32MT/ES", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-64MT/ES", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-80MT/ES", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-32MR/ES", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-64MR/ES", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-80MR/ES", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-32MT/DS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-64MT/DS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-80MT/DS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-32MR/DS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-64MR/DS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-80MR/DS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-32MT/ESS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-64MT/ESS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-80MT/ESS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-32MT/DSS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-64MT/DSS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5U-80MT/DSS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-32MT/D", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-64MT/D", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-96MT/D", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-32MT/DSS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-64MT/DSS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-96MT/DSS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "Serial number 17X**** or later, versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 1.220 to 1.281" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R00CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions 35 and prior" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R01CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions 35 and prior" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R02CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions 35 and prior" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R04CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R04ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 12 to 68" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 26 to 31" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 26 to 31" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 26 to 31" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 26 to 31" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08PCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 3 to 37" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16PCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 3 to 37" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32PCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 3 to 37" } ] }, { "defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120PCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "versions from 3 to 37" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution." } ], "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Denial-of-Service and Remote Code Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-14T09:05:52.848Z", "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi" }, "references": [ { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf" }, { "url": "https://jvn.jp/vu/JVNVU94650413" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03" } ], "source": { "discovery": "UNKNOWN" }, "title": "Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "assignerShortName": "Mitsubishi", "cveId": "CVE-2023-1424", "datePublished": "2023-05-24T04:39:25.040Z", "dateReserved": "2023-03-16T02:10:25.722Z", "dateUpdated": "2024-08-02T05:49:11.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.