CVE-2023-1424

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
mitsubishielectricmelsec_iq-fx5u-32mr/ds_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mr/dss_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mr/es_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mr/ess_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mt/ds_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mt/dss_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mt/es_firmware
-
mitsubishielectricmelsec_iq-fx5u-32mt/ess_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mr/ds_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mr/dss_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mr/es_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mr/ess_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mt/ds_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mt/dss_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mt/es_firmware
-
mitsubishielectricmelsec_iq-fx5u-64mt/ess_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mr/ds_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mr/dss_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mr/es_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mr/ess_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mt/ds_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mt/dss_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mt/es_firmware
-
mitsubishielectricmelsec_iq-fx5u-80mt/ess_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mr/dds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mr/ds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mr/ds-ts_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mt/dds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mt/ds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mt/dss-ts_firmware
-
mitsubishielectricmelsec_iq-fx5uc-32mt/ds-ts_firmware
-
mitsubishielectricmelsec_iq-fx5uc-64mr/dds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-64mr/ds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-64mt/dds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-64mt/ds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-96mr/dds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-96mr/ds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-96mt/dds_firmware
-
mitsubishielectricmelsec_iq-fx5uc-96mt/ds_firmware
-
𝑥
= Vulnerable software versions