Remote code execution in Mitsubishi Electric CNC Series
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-3346 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
M800VW Hardware solutions / Firmware M800VS Hardware solutions / Firmware M80V Hardware solutions / Firmware M80VW Hardware solutions / Firmware M800W Hardware solutions / Firmware M800S Hardware solutions / Firmware M80 Hardware solutions / Firmware M80W Hardware solutions / Firmware E80 Hardware solutions / Firmware C80 Hardware solutions / Firmware M7V Series Hardware solutions / Firmware M700VW Hardware solutions / Firmware M700VS Hardware solutions / Firmware M70V Hardware solutions / Firmware E70 Hardware solutions / Firmware Remote Service Gateway Unit Hardware solutions / Firmware Data Acquisition Unit Hardware solutions / Firmware |
| Vendor | Mitsubishi Electric |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU78738
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-3346
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsM800VW: All versions
M800VS: All versions
M80V: All versions
M80VW: All versions
M800W: All versions
M800S: All versions
M80: All versions
M80W: All versions
E80: All versions
C80: All versions
M7V Series: All versions
M700VW: All versions
M700VS: All versions
M70V: All versions
E70: All versions
Remote Service Gateway Unit: All versions
Data Acquisition Unit: All versions
External linkshttp://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
