10
CVE-2023-1424
- EPSS 3.44%
- Veröffentlicht 24.05.2023 05:15:08
- Zuletzt bearbeitet 21.11.2024 07:39:09
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
LoginDenial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.44% | 0.874 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
https://jvn.jp/vu/JVNVU94650413
https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727