Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2023-3346

Disclosure Date: August 03, 2023
CVE-2023-3346 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
MITSUBISHI CNC M800V Series M800VW System Number BND-2051W000 versions A8 and prior
MITSUBISHI CNC M800V Series M800VS System Number BND-2052W000 versions A8 and prior
MITSUBISHI CNC M80V Series M80V System Number BND-2053W000 versions A8 and prior
MITSUBISHI CNC M80V Series M80VW System Number BND-2054W000 versions A8 and prior
MITSUBISHI CNC M800 Series M800W System Number BND-2005W000 versions FB and prior
MITSUBISHI CNC M800 Series M800S System Number BND-2006W000 versions FB and prior
MITSUBISHI CNC M80 Series M80 System Number BND-2007W000 versions FB and prior
MITSUBISHI CNC M80 Series M80W System Number BND-2008W000 versions FB and prior
MITSUBISHI CNC E80 Series E80 System Number BND-2009W000 versions FB and prior
MITSUBISHI CNC C80 Series C80 System Number BND-2036W000 versions BF and prior
MITSUBISHI CNC M700V Series M720VW System Number BND-1015W000 versions LF and prior
MITSUBISHI CNC M700V Series M730VW System Number BND-1015W000 versions LF and prior
MITSUBISHI CNC M700V Series M750VW System Number BND-1015W002 versions LF and prior
MITSUBISHI CNC M700V Series M720VS System Number BND-1012W000 versions LF and prior
MITSUBISHI CNC M700V Series M730VS System Number BND-1012W000 versions LF and prior
MITSUBISHI CNC M700V Series M750VS System Number BND-1012W002 versions LF and prior
MITSUBISHI CNC M70V Series M70V System Number BND-1018W000 versions LF and prior
MITSUBISHI CNC E70 Series E70 System Number BND-1022W000 versions LF and prior
MITSUBISHI CNC IoT Unit Remote Service Gateway Unit System Number BND-2041W001 versions AD and prior
MITSUBISHI CNC IoT Unit Data Acquisition Unit System Number BND-2041W002 all versions
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis