CVE-2023-1424 CRITICAL

CVE-2023-1424: Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module

Vendor: Mitsubishi Electric Corporation
Product: MELSEC iQ-F Series FX5U-32MT/ES
Weakness: CWE-120
Published: May 24, 2023
Last update: March 5, 2025

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

Key dates

02 Disclosure timeline

May 24, 2023: CVE published
March 5, 2025: Record updated