Vulnerability identifier: #VU78738
Vulnerability risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
M800VW
Hardware solutions /
Firmware
M800VS
Hardware solutions /
Firmware
M80V
Hardware solutions /
Firmware
M80VW
Hardware solutions /
Firmware
M800W
Hardware solutions /
Firmware
M800S
Hardware solutions /
Firmware
M80
Hardware solutions /
Firmware
M80W
Hardware solutions /
Firmware
E80
Hardware solutions /
Firmware
C80
Hardware solutions /
Firmware
M7V Series
Hardware solutions /
Firmware
M700VW
Hardware solutions /
Firmware
M700VS
Hardware solutions /
Firmware
M70V
Hardware solutions /
Firmware
E70
Hardware solutions /
Firmware
Remote Service Gateway Unit
Hardware solutions /
Firmware
Data Acquisition Unit
Hardware solutions /
Firmware
Vendor: Mitsubishi Electric
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
M800VW: All versions
M800VS: All versions
M80V: All versions
M80VW: All versions
M800W: All versions
M800S: All versions
M80: All versions
M80W: All versions
E80: All versions
C80: All versions
M7V Series: All versions
M700VW: All versions
M700VS: All versions
M70V: All versions
E70: All versions
Remote Service Gateway Unit: All versions
Data Acquisition Unit: All versions
External links
http://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.