{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-3346","assignerOrgId":"e0f77b61-78fd-4786-b3fb-1ee347a748ad","state":"PUBLISHED","assignerShortName":"Mitsubishi","dateReserved":"2023-06-21T00:16:48.923Z","datePublished":"2023-08-03T04:00:43.294Z","dateUpdated":"2024-12-04T15:16:48.710Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M800V Series M800VW","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2051W000 versions A8 and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M800V Series M800VS","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2052W000 versions A8 and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M80V Series M80V","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2053W000 versions A8 and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M80V Series M80VW","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2054W000 versions A8 and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M800 Series M800W","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2005W000 versions FB and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M800 Series M800S","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2006W000 versions FB and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M80 Series M80","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2007W000 versions FB and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M80 Series M80W","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2008W000 versions FB and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC E80 Series E80","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2009W000 versions FB and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC C80 Series C80","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2036W000 versions BF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M700V Series M720VW","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1015W000 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M700V Series M730VW","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1015W000 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M700V Series M750VW","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1015W002 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M700V Series M720VS","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1012W000 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M700V Series M730VS","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1012W000 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M700V Series M750VS","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1012W002 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC M70V Series M70V","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1018W000 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC E70 Series E70","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-1022W000 versions LF and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC IoT Unit Remote Service Gateway Unit","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2041W001 versions AD and prior"}]},{"defaultStatus":"unaffected","product":"MITSUBISHI CNC IoT Unit Data Acquisition Unit","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"System Number BND-2041W002 all versions"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."}],"value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery."}],"impacts":[{"descriptions":[{"lang":"en","value":"Denial of Service (DoS)"}]},{"descriptions":[{"lang":"en","value":"Remote Code Execution"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-120","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e0f77b61-78fd-4786-b3fb-1ee347a748ad","shortName":"Mitsubishi","dateUpdated":"2024-01-30T08:56:07.198Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"},{"tags":["government-resource"],"url":"https://jvn.jp/vu/JVNVU90352157/index.html"},{"tags":["government-resource"],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"}],"source":{"discovery":"UNKNOWN"},"title":"Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:55:02.703Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf"},{"tags":["government-resource","x_transferred"],"url":"https://jvn.jp/vu/JVNVU90352157/index.html"},{"tags":["government-resource","x_transferred"],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-04T15:16:27.660728Z","id":"CVE-2023-3346","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-04T15:16:48.710Z"}}]}}