CVE-2023-3346

EPSS 1.04%
Veröffentlicht 03.08.2023 05:15:10
Zuletzt bearbeitet 21.11.2024 08:17:04
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ C80 Firmware Version-

Mitsubishielectric ≫ C80 Version-

Mitsubishielectric ≫ E70 Firmware Version-

Mitsubishielectric ≫ E70 Version-

Mitsubishielectric ≫ E80 Firmware Version-

Mitsubishielectric ≫ E80 Version-

Mitsubishielectric ≫ M70v Firmware Version-

Mitsubishielectric ≫ M70v Version-

Mitsubishielectric ≫ M720vs Firmware Version-

Mitsubishielectric ≫ M720vs Version-

Mitsubishielectric ≫ M720vs 15-type Firmware Version-

Mitsubishielectric ≫ M720vs 15-type Version-

Mitsubishielectric ≫ M720vw Firmware Version-

Mitsubishielectric ≫ M720vw Version-

Mitsubishielectric ≫ M730vs Firmware Version-

Mitsubishielectric ≫ M730vs Version-

Mitsubishielectric ≫ M730vs 15-type Firmware Version-

Mitsubishielectric ≫ M730vs 15-type Version-

Mitsubishielectric ≫ M730vw Firmware Version-

Mitsubishielectric ≫ M730vw Version-

Mitsubishielectric ≫ M750vs Firmware Version-

Mitsubishielectric ≫ M750vs Version-

Mitsubishielectric ≫ M750vs 15-type Firmware Version-

Mitsubishielectric ≫ M750vs 15-type Version-

Mitsubishielectric ≫ M750vw Firmware Version-

Mitsubishielectric ≫ M750vw Version-

Mitsubishielectric ≫ M80 Firmware Version-

Mitsubishielectric ≫ M80 Version-

Mitsubishielectric ≫ M800s Firmware Version-

Mitsubishielectric ≫ M800s Version-

Mitsubishielectric ≫ M800vs Firmware Version-

Mitsubishielectric ≫ M800vs Version-

Mitsubishielectric ≫ M800vw Firmware Version-

Mitsubishielectric ≫ M800vw Version-

Mitsubishielectric ≫ M800w Firmware Version-

Mitsubishielectric ≫ M800w Version-

Mitsubishielectric ≫ M80v Firmware Version-

Mitsubishielectric ≫ M80v Version-

Mitsubishielectric ≫ M80vw Firmware Version-

Mitsubishielectric ≫ M80vw Version-

Mitsubishielectric ≫ M80w Firmware Version-

Mitsubishielectric ≫ M80w Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.04%	0.768

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://jvn.jp/vu/JVNVU90352157/index.html

Third Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03

Third Party Advisory

US Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3346

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3346

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3346

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3346