CVE-2023-1424

Summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-32MT/ESSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-64MT/ESSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-80MT/ESSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-32MR/ESSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-64MR/ESSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-80MR/ESSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-32MT/DSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-64MT/DSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-80MT/DSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-32MR/DSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-64MR/DSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-80MR/DSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-32MT/ESSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-64MT/ESSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-80MT/ESSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-32MT/DSSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-64MT/DSSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5U-80MT/DSSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-32MT/DSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-64MT/DSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-96MT/DSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-32MT/DSSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-64MT/DSSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-96MT/DSSSerial number 17X**** or later, versions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-32MT/DS-TSversions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-32MT/DSS-TSversions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5UC-32MR/DS-TSversions from 1.220 to 1.281affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R00CPUversions 35 and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series R01CPUversions 35 and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series R02CPUversions 35 and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series R04CPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R08CPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R16CPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R32CPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R120CPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R04ENCPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R08ENCPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R16ENCPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R32ENCPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R120ENCPUversions from 12 to 68affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R08SFCPUversions from 26 to 31affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R16SFCPUversions from 26 to 31affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R32SFCPUversions from 26 to 31affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R120SFCPUversions from 26 to 31affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R08PCPUversions from 3 to 37affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R16PCPUversions from 3 to 37affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R32PCPUversions from 3 to 37affected
Mitsubishi Electric CorporationMELSEC iQ-R Series R120PCPUversions from 3 to 37affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References