CVE-2023-1424
high-risk
Published 2023-05-24
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
Do I need to act?
3.4% chance of exploitation in next 30 days (EPSS score: moderate exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 10.0/10, Critical (attack vector: NETWORK / LOW complexity)
Affected Products (20)
MELSEC iQ-FX5U-32MR/DS Firmware
MELSEC iQ-FX5U-32MR/DSS Firmware
MELSEC iQ-FX5U-32MR/ES Firmware
MELSEC iQ-FX5U-32MR/ESS Firmware
MELSEC iQ-FX5U-32MT/DS Firmware
MELSEC iQ-FX5U-32MT/DSS Firmware
MELSEC iQ-FX5U-32MT/ES Firmware
MELSEC iQ-FX5U-32MT/ESS Firmware
MELSEC iQ-FX5U-64MR/DS Firmware
MELSEC iQ-FX5U-64MR/DSS Firmware
MELSEC iQ-FX5U-64MR/ES Firmware
MELSEC iQ-FX5U-64MR/ESS Firmware
MELSEC iQ-FX5U-64MT/DS Firmware
MELSEC iQ-FX5U-64MT/DSS Firmware
MELSEC iQ-FX5U-64MT/ES Firmware
MELSEC iQ-FX5U-64MT/ESS Firmware
MELSEC iQ-FX5U-80MR/DS Firmware
MELSEC iQ-FX5U-80MR/DSS Firmware
MELSEC iQ-FX5U-80MR/ES Firmware
MELSEC iQ-FX5U-80MR/ESS Firmware
Affected Vendors
References (7)
Third Party Advisory: https://jvn.jp/vu/JVNVU94650413
Third Party Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03
Risk score: 64/100 (high-risk)
Severity: 33/34 · Critical
Exploitability: 7/34 · Low
Exposure: 24/34 · High