CVE-2023-4699

high-risk
Published 2023-11-06

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could allow the attacker to disclose or tamper with information by reading or writing control programs, or to cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or by resetting the products remotely.

Do I need to act?

EPSS score: 0.91% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance
CVSS: 10.0/10 Critical (NETWORK / LOW complexity)

Affected Products (20)

Fx3U-32Mt/Es Firmware
Fx3U-48Mt/Es Firmware
Fx3U-64Mt/Es Firmware
Fx3U-80Mt/Es Firmware
Fx3U-128Mt/E Firmware
Fx3U-16Mt/Es Firmware
Fx3U-16Mr/Es Firmware
Fx3U-32Mr/Es Firmware
Fx3U-48Mr/Es Firmware
Fx3U-64Mr/Es Firmware
Fx3U-80Mr/Es Firmware
Fx3U-128Mr/Es Firmware
Fx3U-16Mt/Ess Firmware
Fx3U-32Mt/Ess Firmware
Fx3U-48Mt/Ess Firmware
Fx3U-64Mt/Ess Firmware
Fx3U-80Mt/Ess Firmware
Fx3U-128Mt/Ess Firmware
Fx3U-16Mt/Ds Firmware
Fx3U-32Mt/Ds Firmware

Affected Vendors

69 / 100 high-risk
Severity 33/34 · Critical
Exploitability 3/34 · Minimal
Exposure 33/34 · Critical