CVE-2023-3346: Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
First published: Thu Aug 03 2023(Updated: )
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric C80 Firmware | ||
| Mitsubishielectric C80 | ||
| Mitsubishielectric E70 Firmware | ||
| Mitsubishielectric E70 | ||
| Mitsubishielectric E80 Firmware | ||
| Mitsubishielectric E80 | ||
| Mitsubishielectric M70v Firmware | ||
| Mitsubishielectric M70v | ||
| Mitsubishielectric M720vs Firmware | ||
| Mitsubishielectric M720vs | ||
| Mitsubishielectric M720vs 15-type Firmware | ||
| Mitsubishielectric M720vs 15-type | ||
| Mitsubishielectric M720vw Firmware | ||
| Mitsubishielectric M720vw | ||
| Mitsubishielectric M730vs Firmware | ||
| Mitsubishielectric M730vs | ||
| Mitsubishielectric M730vs 15-type Firmware | ||
| Mitsubishielectric M730vs 15-type | ||
| Mitsubishielectric M730vw Firmware | ||
| Mitsubishielectric M730vw | ||
| Mitsubishielectric M750vs Firmware | ||
| Mitsubishielectric M750vs | ||
| Mitsubishielectric M750vs 15-type Firmware | ||
| Mitsubishielectric M750vs 15-type | ||
| Mitsubishielectric M750vw Firmware | ||
| Mitsubishielectric M750vw | ||
| Mitsubishielectric M80 Firmware | ||
| Mitsubishielectric M80 | ||
| Mitsubishielectric M800s Firmware | ||
| Mitsubishielectric M800s | ||
| Mitsubishielectric M800vs Firmware | ||
| Mitsubishielectric M800vs | ||
| Mitsubishielectric M800vw Firmware | ||
| Mitsubishielectric M800vw | ||
| Mitsubishielectric M800w Firmware | ||
| Mitsubishielectric M800w | ||
| Mitsubishielectric M80v Firmware | ||
| Mitsubishielectric M80v | ||
| Mitsubishielectric M80vw Firmware | ||
| Mitsubishielectric M80vw | ||
| Mitsubishielectric M80w Firmware | ||
| Mitsubishielectric M80w |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2023-3346.
What is the severity of CVE-2023-3346?
The severity of CVE-2023-3346 is critical with a CVSS score of 9.8.
What is the affected software for CVE-2023-3346?
The affected software for CVE-2023-3346 is Mitsubishielectric C80 Firmware, Mitsubishielectric E70 Firmware, Mitsubishielectric E80 Firmware, Mitsubishielectric M70v Firmware, Mitsubishielectric M720vs Firmware, Mitsubishielectric M720vs 15-type Firmware, Mitsubishielectric M720vw Firmware, Mitsubishielectric M730vs Firmware, Mitsubishielectric M730vs 15-type Firmware, Mitsubishielectric M730vw Firmware, Mitsubishielectric M750vs Firmware, Mitsubishielectric M750vs 15-type Firmware, Mitsubishielectric M750vw Firmware, Mitsubishielectric M80 Firmware, Mitsubishielectric M800s Firmware, Mitsubishielectric M800vs Firmware, Mitsubishielectric M800vw Firmware, Mitsubishielectric M800w Firmware, Mitsubishielectric M80v Firmware, Mitsubishielectric M80vw Firmware, and Mitsubishielectric M80w Firmware.
How does CVE-2023-3346 impact the affected software?
CVE-2023-3346 allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the affected software.
Are there any official references for CVE-2023-3346?
Yes, you can find official references for CVE-2023-3346 at the following links: [Mitsubishielectric PSIRT PDF](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf), [CISA Advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03), [JVN](https://jvn.jp/vu/JVNVU90352157/index.html).
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mitsubishielectric
- canonical/mitsubishielectric c80 firmware
- canonical/mitsubishielectric c80
- canonical/mitsubishielectric e70 firmware
- canonical/mitsubishielectric e70
- canonical/mitsubishielectric e80 firmware
- canonical/mitsubishielectric e80
- canonical/mitsubishielectric m70v firmware
- canonical/mitsubishielectric m70v
- canonical/mitsubishielectric m720vs firmware
- canonical/mitsubishielectric m720vs
- canonical/mitsubishielectric m720vs 15-type firmware
- canonical/mitsubishielectric m720vs 15-type
- canonical/mitsubishielectric m720vw firmware
- canonical/mitsubishielectric m720vw
- canonical/mitsubishielectric m730vs firmware
- canonical/mitsubishielectric m730vs
- canonical/mitsubishielectric m730vs 15-type firmware
- canonical/mitsubishielectric m730vs 15-type
- canonical/mitsubishielectric m730vw firmware
- canonical/mitsubishielectric m730vw
- canonical/mitsubishielectric m750vs firmware
- canonical/mitsubishielectric m750vs
- canonical/mitsubishielectric m750vs 15-type firmware
- canonical/mitsubishielectric m750vs 15-type
- canonical/mitsubishielectric m750vw firmware
- canonical/mitsubishielectric m750vw
- canonical/mitsubishielectric m80 firmware
- canonical/mitsubishielectric m80
- canonical/mitsubishielectric m800s firmware
- canonical/mitsubishielectric m800s
- canonical/mitsubishielectric m800vs firmware
- canonical/mitsubishielectric m800vs
- canonical/mitsubishielectric m800vw firmware
- canonical/mitsubishielectric m800vw
- canonical/mitsubishielectric m800w firmware
- canonical/mitsubishielectric m800w
- canonical/mitsubishielectric m80v firmware
- canonical/mitsubishielectric m80v
- canonical/mitsubishielectric m80vw firmware
- canonical/mitsubishielectric m80vw
- canonical/mitsubishielectric m80w firmware
- canonical/mitsubishielectric m80w