CVE-2023-3346 Information

Description

Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition system reset is required for recovery.

Reference

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 https://jvn.jp/vu/JVNVU90352157/index.html