medium
5.3
CWE
410
Advisory Published
Updated

CVE-2023-7033

First published: Tue Feb 27 2024(Updated: )

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN Analog-Digital Converter Module, CC-Link IE TSN Digital-Analog Converter Module, CC-Link IE TSN - CC-Link IE Field Network Bridge Module, CC-Link IE TSN - AnyWireASLINK Bridge Module, CC-Link IE TSN FPGA Module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Motion Module, MELSEC iQ-L Motion Module, MELSEC iQ-F FX5 Motion Module, MELSEC iQ-F Series CPU module, MELSEC iQ-F Series Ethernet module, MELSEC iQ-F Series Ethernet/IP module, MELSEC iQ-F Series OPC UA Module, MELSEC iQ-F Series CC-Link IE TSN master/local module, GOT2000 Series CC-Link IE TSN Communication Unit, FR-A800-E series inverters, FR-F800-E series inverters, FR-E800-E series inverters, INVERTER CC-Link IE TSN Plug-in option, INVERTER CC-Link IE TSN Safety Plug-in option, INVERTER CC-Link IE TSN communication function built-in type, MR-J5 series AC Servos MELSERVO, MR-JET series AC Servos MELSERVO, MR-MD333G series AC Servos MELSERVO, MR-JE series AC Servos MELSERVO, MELSERVO-J4 AC Servos MELSERVO and Embedded Type Servo System Controller allow a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected SoftwareAffected VersionHow to fix
Mitsubishi Electric MELSEC iQ-R series CPU module R16/32/64MTCPU
Mitsubishi Electric MELSEC iQ-L series CPU module
Mitsubishi Electric MELSEC iQ-R Ethernet Interface Module RJ71EN71
Mitsubishi Electric MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-SX
Mitsubishi Electric CC-Link IE TSN Remote I/O Module
Mitsubishi Electric CC-Link IE TSN Analog-Digital Converter Module NZ2GN2B-60AD4
Mitsubishi Electric CC-Link IE TSN Digital-Analog Converter Module NZ2GN2B-60DA4
CC-Link IE TSN - CC-Link IE Field Network Bridge Module NZ2GN-GFB
Mitsubishi Electric CC-Link IE TSN - AnyWireASLINK Bridge Module
Mitsubishi Electric CC-Link IE TSN FPGA Module NZ2GN2S-D41PD02
Mitsubishi Electric CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300
Mitsubishi Electric MELSEC iQ-R Series Motion Module
Mitsubishi Electric MELSEC iQ-L Motion Module
Mitsubishi Electric MELSEC-iQ-F
Mitsubishi Electric MELSEC iQ-F Series
Mitsubishi Electric MELSEC iQ-F Series
Mitsubishi Electric MELSEC iQ-F Series Ethernet/IP module
Mitsubishi Electric MELSEC iQ-F Series OPC UA Module FX5-OPC
Mitsubishi Electric MELSEC iQ-F Series CC-Link IE TSN master/local module FX5-CCLGN-MS
Mitsubishi Electric GOT2000 Series CC-Link IE TSN Communication Unit
Mitsubishi Electric FR-A800-E Series
Mitsubishi Electric FR-E800-EPA Series
Mitsubishi Electric FR-E800 Series
Mitsubishi Electric INVERTER CC-Link IE TSN Safety Plug-in option
Mitsubishi Electric CC-Link IE TSN Safety Plug-in option FR-A8NCG-S
Mitsubishi Electric INVERTER CC-Link IE TSN communication function built-in type
Mitsubishi Electric MELSERVO MR-J5 series AC Servos
MITSUBISHI ELECTRIC MELSERVO MR-JET-G SERIES
Mitsubishi Electric MELSERVO
Mitsubishi Electric MELSERVO MR-JE series AC Servos
Mitsubishi Electric MELSERVO-J4 AC Servos
Mitsubishi Electric Embedded Type Servo System Controller

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-7033?

    The severity of CVE-2023-7033 is classified as critical due to insufficient resource management that may lead to denial of service.

  • How do I fix CVE-2023-7033?

    To fix CVE-2023-7033, users should apply the latest firmware update provided by Mitsubishi Electric for affected devices.

  • What devices are affected by CVE-2023-7033?

    CVE-2023-7033 affects various Mitsubishi Electric products including MELSEC iQ-R and iQ-L series CPU modules and various CC-Link IE TSN modules.

  • What can happen if CVE-2023-7033 is exploited?

    Exploitation of CVE-2023-7033 can result in denial of service, impacting the functionality of the affected Ethernet devices.

  • Has CVE-2023-7033 been actively exploited?

    As of now, there are no reported incidents of active exploitation of CVE-2023-7033.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203