CVE-2023-3346

Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, a system reset is required for recovery.

Category

CVSS 3.1: 9.8
Severity: Critical
EPSS: 1.04% (Top 25%)
Vendor Advisory: mitsubishielectric.com
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M800V Series M800VW
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M800V Series M800VS
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M80V Series M80V
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M80V Series M80VW
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M800 Series M800W
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M800 Series M800S
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M80 Series M80
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M80 Series M80W
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC E80 Series E80
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC C80 Series C80
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M720VW
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M730VW
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M750VW
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M720VS
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M730VS
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M750VS
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC M70V Series M70V
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC E70 Series E70
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC IoT Unit Remote Service Gateway Unit
Affected: Mitsubishi Electric Corporation MITSUBISHI CNC IoT Unit Data Acquisition Unit

References

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf (tags: vendor advisory)
https://jvn.jp/vu/JVNVU90352157/index.html (tags: third party advisory, government resource)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03 (tags: government resource, third party advisory, US government resource)

Frequently Asked Questions

What is the severity of CVE-2023-3346?
CVE-2023-3346 has been scored as a critical severity vulnerability.
How to fix CVE-2023-3346?
To fix CVE-2023-3346, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.
Is CVE-2023-3346 being actively exploited in the wild?
It is possible that CVE-2023-3346 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3346?
CVE-2023-3346 affects Mitsubishi Electric Corporation MITSUBISHI CNC M800V Series M800VW, Mitsubishi Electric Corporation MITSUBISHI CNC M800V Series M800VS, Mitsubishi Electric Corporation MITSUBISHI CNC M80V Series M80V, Mitsubishi Electric Corporation MITSUBISHI CNC M80V Series M80VW, Mitsubishi Electric Corporation MITSUBISHI CNC M800 Series M800W, Mitsubishi Electric Corporation MITSUBISHI CNC M800 Series M800S, Mitsubishi Electric Corporation MITSUBISHI CNC M80 Series M80, Mitsubishi Electric Corporation MITSUBISHI CNC M80 Series M80W, Mitsubishi Electric Corporation MITSUBISHI CNC E80 Series E80, Mitsubishi Electric Corporation MITSUBISHI CNC C80 Series C80, Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M720VW, Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M730VW, Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M750VW, Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M720VS, Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M730VS, Mitsubishi Electric Corporation MITSUBISHI CNC M700V Series M750VS, Mitsubishi Electric Corporation MITSUBISHI CNC M70V Series M70V, Mitsubishi Electric Corporation MITSUBISHI CNC E70 Series E70, Mitsubishi Electric Corporation MITSUBISHI CNC IoT Unit Remote Service Gateway Unit, Mitsubishi Electric Corporation MITSUBISHI CNC IoT Unit Data Acquisition Unit.