CVE-2023-1424

Published: May 24, 2023

Modified: Mar 5, 2025

PUBLISHED

CVSS v3.1

10.0

CRITICAL

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

Vendor	Product	Versions
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/ES	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/ES	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/ES	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MR/ES	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MR/ES	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MR/ES	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/DS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/DS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/DS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MR/DS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MR/DS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MR/DS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/ESS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/ESS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/ESS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/DSS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/DSS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/DSS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/D	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-64MT/D	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-96MT/D	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/DSS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-64MT/DSS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-96MT/DSS	affected `Serial number 17X**** or later, versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/DS-TS	affected `versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/DSS-TS	affected `versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MR/DS-TS	affected `versions from 1.220 to 1.281`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R00CPU	affected `versions 35 and prior`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R01CPU	affected `versions 35 and prior`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R02CPU	affected `versions 35 and prior`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R04CPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R08CPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R16CPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R32CPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R120CPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R04ENCPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R08ENCPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R16ENCPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R32ENCPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R120ENCPU	affected `versions from 12 to 68`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R08SFCPU	affected `versions from 26 to 31`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R16SFCPU	affected `versions from 26 to 31`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R32SFCPU	affected `versions from 26 to 31`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R120SFCPU	affected `versions from 26 to 31`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R08PCPU	affected `versions from 3 to 37`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R16PCPU	affected `versions from 3 to 37`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R32PCPU	affected `versions from 3 to 37`
Mitsubishi Electric Corporation	MELSEC iQ-R Series R120PCPU	affected `versions from 3 to 37`

Weaknesses (CWE)

CWE-120

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf

https://jvn.jp/vu/JVNVU94650413

https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-1424

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References