CVE-2023-3346 - Vulnerability Details - OpenCVE

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01039.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mitsubishi Electric Corporation

MITSUBISHI CNC M800V Series M800VW

unaffected

Version	Status	Constraints
`System Number BND-2051W000 versions A8 and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M800V Series M800VS

unaffected

Version	Status	Constraints
`System Number BND-2052W000 versions A8 and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M80V Series M80V

unaffected

Version	Status	Constraints
`System Number BND-2053W000 versions A8 and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M80V Series M80VW

unaffected

Version	Status	Constraints
`System Number BND-2054W000 versions A8 and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M800 Series M800W

unaffected

Version	Status	Constraints
`System Number BND-2005W000 versions FB and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M800 Series M800S

unaffected

Version	Status	Constraints
`System Number BND-2006W000 versions FB and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M80 Series M80

unaffected

Version	Status	Constraints
`System Number BND-2007W000 versions FB and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M80 Series M80W

unaffected

Version	Status	Constraints
`System Number BND-2008W000 versions FB and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC E80 Series E80

unaffected

Version	Status	Constraints
`System Number BND-2009W000 versions FB and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC C80 Series C80

unaffected

Version	Status	Constraints
`System Number BND-2036W000 versions BF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M700V Series M720VW

unaffected

Version	Status	Constraints
`System Number BND-1015W000 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M700V Series M730VW

unaffected

Version	Status	Constraints
`System Number BND-1015W000 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M700V Series M750VW

unaffected

Version	Status	Constraints
`System Number BND-1015W002 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M700V Series M720VS

unaffected

Version	Status	Constraints
`System Number BND-1012W000 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M700V Series M730VS

unaffected

Version	Status	Constraints
`System Number BND-1012W000 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M700V Series M750VS

unaffected

Version	Status	Constraints
`System Number BND-1012W002 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC M70V Series M70V

unaffected

Version	Status	Constraints
`System Number BND-1018W000 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC E70 Series E70

unaffected

Version	Status	Constraints
`System Number BND-1022W000 versions LF and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC IoT Unit Remote Service Gateway Unit

unaffected

Version	Status	Constraints
`System Number BND-2041W001 versions AD and prior`	affected	—

Mitsubishi Electric Corporation

MITSUBISHI CNC IoT Unit Data Acquisition Unit

unaffected

Version	Status	Constraints
`System Number BND-2041W002 all versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:c80_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:c80:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:e70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:e70:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:e80_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:e80:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:m70v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m70v:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:m720vs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m720vs:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:m720vs_15-type_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m720vs_15-type:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishielectric:m720vw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m720vw:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishielectric:m730vs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m730vs:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitsubishielectric:m730vs_15-type_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m730vs_15-type:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitsubishielectric:m730vw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m730vw:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitsubishielectric:m750vs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m750vs:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitsubishielectric:m750vs_15-type_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m750vs_15-type:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitsubishielectric:m750vw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m750vw:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitsubishielectric:m80_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m80:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:mitsubishielectric:m800s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m800s:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:mitsubishielectric:m800vs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m800vs:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:mitsubishielectric:m800vw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m800vw:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:mitsubishielectric:m800w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m800w:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:mitsubishielectric:m80v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m80v:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:mitsubishielectric:m80vw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m80vw:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:mitsubishielectric:m80w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:m80w:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Mitsubishielectric Subscribe	C80 Subscribe C80 Firmware Subscribe E70 Subscribe E70 Firmware Subscribe E80 Subscribe E80 Firmware Subscribe M70v Subscribe M70v Firmware Subscribe M720vs Subscribe M720vs 15-type Subscribe M720vs 15-type Firmware Subscribe M720vs Firmware Subscribe M720vw Subscribe M720vw Firmware Subscribe M730vs Subscribe M730vs 15-type Subscribe M730vs 15-type Firmware Subscribe M730vs Firmware Subscribe M730vw Subscribe M730vw Firmware Subscribe M750vs Subscribe M750vs 15-type Subscribe M750vs 15-type Firmware Subscribe M750vs Firmware Subscribe M750vw Subscribe M750vw Firmware Subscribe M80 Subscribe M800s Subscribe M800s Firmware Subscribe M800vs Subscribe M800vs Firmware Subscribe M800vw Subscribe M800vw Firmware Subscribe M800w Subscribe M800w Firmware Subscribe M80 Firmware Subscribe M80v Subscribe M80v Firmware Subscribe M80vw Subscribe M80vw Firmware Subscribe M80w Subscribe M80w Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-44014	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/vu/JVNVU90352157/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf

History

Wed, 04 Dec 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2023-08-03T04:00:43.294Z

Updated: 2024-12-04T15:16:48.710Z

Reserved: 2023-06-21T00:16:48.923Z

Link: CVE-2023-3346

Vulnrichment

Updated: 2024-08-02T06:55:02.703Z

NVD

Status : Modified

Published: 2023-08-03T05:15:10.603

Modified: 2024-11-21T08:17:04.037

Link: CVE-2023-3346

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3346", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2023-06-21T00:16:48.923Z", "datePublished": "2023-08-03T04:00:43.294Z", "dateUpdated": "2024-12-04T15:16:48.710Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M800V Series M800VW", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2051W000 versions A8 and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M800V Series M800VS", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2052W000 versions A8 and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M80V Series M80V", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2053W000 versions A8 and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M80V Series M80VW", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2054W000 versions A8 and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M800 Series M800W", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2005W000 versions FB and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M800 Series M800S", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2006W000 versions FB and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M80 Series M80", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2007W000 versions FB and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M80 Series M80W", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2008W000 versions FB and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC E80 Series E80", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2009W000 versions FB and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC C80 Series C80", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2036W000 versions BF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M700V Series M720VW", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1015W000 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M700V Series M730VW", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1015W000 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M700V Series M750VW", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1015W002 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M700V Series M720VS", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1012W000 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M700V Series M730VS", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1012W000 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M700V Series M750VS", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1012W002 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC M70V Series M70V", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1018W000 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC E70 Series E70", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-1022W000 versions LF and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC IoT Unit Remote Service Gateway Unit", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2041W001 versions AD and prior"}]}, {"defaultStatus": "unaffected", "product": "MITSUBISHI CNC IoT Unit Data Acquisition Unit", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "System Number BND-2041W002 all versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."}], "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service (DoS)"}]}, {"descriptions": [{"lang": "en", "value": "Remote Code Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-01-30T08:56:07.198Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU90352157/index.html"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:02.703Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU90352157/index.html"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-04T15:16:27.660728Z", "id": "CVE-2023-3346", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T15:16:48.710Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU90352157/index.html", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:02.703Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3346", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-04T15:16:27.660728Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T15:16:43.051Z"}}], "cna": {"title": "Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series", "source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service (DoS)"}]}, {"descriptions": [{"lang": "en", "value": "Remote Code Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M800V Series M800VW", "versions": [{"status": "affected", "version": "System Number BND-2051W000 versions A8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M800V Series M800VS", "versions": [{"status": "affected", "version": "System Number BND-2052W000 versions A8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M80V Series M80V", "versions": [{"status": "affected", "version": "System Number BND-2053W000 versions A8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M80V Series M80VW", "versions": [{"status": "affected", "version": "System Number BND-2054W000 versions A8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M800 Series M800W", "versions": [{"status": "affected", "version": "System Number BND-2005W000 versions FB and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M800 Series M800S", "versions": [{"status": "affected", "version": "System Number BND-2006W000 versions FB and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M80 Series M80", "versions": [{"status": "affected", "version": "System Number BND-2007W000 versions FB and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M80 Series M80W", "versions": [{"status": "affected", "version": "System Number BND-2008W000 versions FB and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC E80 Series E80", "versions": [{"status": "affected", "version": "System Number BND-2009W000 versions FB and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC C80 Series C80", "versions": [{"status": "affected", "version": "System Number BND-2036W000 versions BF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M700V Series M720VW", "versions": [{"status": "affected", "version": "System Number BND-1015W000 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M700V Series M730VW", "versions": [{"status": "affected", "version": "System Number BND-1015W000 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M700V Series M750VW", "versions": [{"status": "affected", "version": "System Number BND-1015W002 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M700V Series M720VS", "versions": [{"status": "affected", "version": "System Number BND-1012W000 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M700V Series M730VS", "versions": [{"status": "affected", "version": "System Number BND-1012W000 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M700V Series M750VS", "versions": [{"status": "affected", "version": "System Number BND-1012W002 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC M70V Series M70V", "versions": [{"status": "affected", "version": "System Number BND-1018W000 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC E70 Series E70", "versions": [{"status": "affected", "version": "System Number BND-1022W000 versions LF and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC IoT Unit Remote Service Gateway Unit", "versions": [{"status": "affected", "version": "System Number BND-2041W001 versions AD and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MITSUBISHI CNC IoT Unit Data Acquisition Unit", "versions": [{"status": "affected", "version": "System Number BND-2041W002 all versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU90352157/index.html", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.", "supportingMedia": [{"type": "text/html", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-01-30T08:56:07.198Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3346", "state": "PUBLISHED", "dateUpdated": "2024-12-04T15:16:48.710Z", "dateReserved": "2023-06-21T00:16:48.923Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2023-08-03T04:00:43.294Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:c80_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A2C7CEB-5419-4882-BECA-AB02BE7495ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:c80:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DB46E5E-A87C-4604-8478-2E380DE15B31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:e70_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "82CC77B6-113E-4E69-86C3-BDB958E0526C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:e70:-:*:*:*:*:*:*:*", "matchCriteriaId": "861626CF-6AC2-4BDE-9204-4F2DF49DA3DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:e80_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "58B7693B-002F-4D6B-81F4-0D220388EBFD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:e80:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DF27249-85E2-4F4D-9BD4-0C46799C5F57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m70v_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FE99E00-C9B9-430D-B75A-040CFD4554BB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m70v:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AD8A2A3-6F05-44D2-B8F2-AF55EFE20B42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m720vs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "39A07397-727A-4B97-8F43-5CFE327E3865", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m720vs:-:*:*:*:*:*:*:*", "matchCriteriaId": "F72BE81B-4619-4199-8C21-D86687BCAE84", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m720vs_15-type_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2E54EAC-DEA5-4A02-942A-46C7B4572806", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m720vs_15-type:-:*:*:*:*:*:*:*", "matchCriteriaId": "53FC9159-9F15-475E-B6C5-573AFFBBA2FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m720vw_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "30C5B6DC-59BD-4776-8C85-8880C2F7E4F8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m720vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "7112B6B5-8BE6-4E9C-B6D6-F64A31A80E6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m730vs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "51074DCA-06DB-4826-9800-7CB2C0C3F278", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m730vs:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AFFF519-B76C-465C-9477-6D78787E9F1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m730vs_15-type_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C56F2A9-D660-41A9-B981-049254E48714", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m730vs_15-type:-:*:*:*:*:*:*:*", "matchCriteriaId": "C146ACAB-EF80-429F-8766-B569DC26340E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m730vw_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6246A9B0-3FA3-485A-A496-C507B1843FE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m730vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "10B71551-4B72-4AD5-B84B-4CED5EC2D83E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m750vs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D9B05DD-6999-4791-A80B-201760E0211B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m750vs:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E8E44BF-BF71-433C-B7FB-DE2634004D3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m750vs_15-type_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD5D709A-3D6E-49C3-93B5-3832730AEF7B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m750vs_15-type:-:*:*:*:*:*:*:*", "matchCriteriaId": "60BEB709-AF9D-4219-B172-A587759B3342", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m750vw_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C3FC16E-D7DA-494B-81A1-4592C17CA7E9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m750vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "753EB189-5262-443D-8755-BEAF00E92D73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m80_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B563724A-AA22-45E5-956B-D8BA51103019", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m80:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EC6F60E-A347-4548-ABE4-79810909A35C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m800s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "52768FEC-7702-46DB-BDAB-BA0F755BE63E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m800s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A1D9E22-4B8C-4410-B048-A4F788041859", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m800vs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "25030420-528F-45F4-A8D6-0D5A26B4C76C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m800vs:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB41007C-BD6F-4021-AD65-5DDBA614651E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m800vw_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "97EEFDE5-AEF0-4AB6-993A-D9F38A8CEEFD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m800vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D4BB785-DCE3-4B75-9988-BB0F4DB5995B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m800w_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A8D3F93-1889-40B8-940D-64FF5219F3D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m800w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9AAE983-B324-47B3-A0CF-DCB99411CBFA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m80v_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "579711D7-A4E8-4313-B404-4D662A37FD63", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m80v:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E202965-D914-4A4C-BE8A-860EDA0ADFD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m80vw_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3F836BE-AF19-45AC-BE38-B75634733EF1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m80vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "C845690F-D539-477B-987A-EC7EEEFB4C66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:m80w_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "81C5D5C5-D0A7-4629-9238-E5BF62BB84C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:m80w:-:*:*:*:*:*:*:*", "matchCriteriaId": "269F1D28-50E1-41A3-BBCF-E71EB68D3FEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."}], "id": "CVE-2023-3346", "lastModified": "2024-11-21T08:17:04.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-03T05:15:10.603", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU90352157/index.html"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU90352157/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}