CVE-2023-3346— Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-3346
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
Source: NVD (National Vulnerability Database)
Vulnerability Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mitsubishi Electric CNC Series 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mitsubishi Electric CNC Series是日本三菱电机(Mitsubishi Electric)公司的一系列数控控制系统。 Mitsubishi Electric CNC Series存在安全漏洞,该漏洞源于缓冲区复制时未检查输入大小。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-3346
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-3346
请登录查看更多情报信息。
- https://jvn.jp/vu/JVNVU90352157/index.htmlgovernment-resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03government-resource
- https://nvd.nist.gov/vuln/detail/CVE-2023-3346
Same Patch Batch · Mitsubishi Electric Corporation · 2023-08-03 · 3 CVEs total
| CVE-2023-0525 | 7.5 HIGH | Mitsubishi Electric GOT2000 加密问题漏洞 |
| CVE-2023-3373 | 5.9 MEDIUM | Mitsubishi Electric GOT2000 安全特征问题漏洞 |
IV. Related Vulnerabilities
Same vendor: Mitsubishi Electric Corporation
- CVE-2025-14816
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-14815
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-2399
Denial of Service (DoS) Vulnerability in Mitsubishi Electric - CVE-2026-1876
Denial-of-Service (DoS) vulnerability in Ethernet function o - CVE-2026-1875
Denial-of-Service (DoS) vulnerability in Ethernet function o
Same weakness: CWE-120
- CVE-2026-8260
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings - CVE-2026-8137
Totolink X5000R formDdns sub_458E40 buffer overflow - CVE-2026-6691
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow - CVE-2026-7857
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow - CVE-2026-7856
D-Link DI-8100 Web Management url_member.asp buffer overflow
V. Comments for CVE-2023-3346
No comments yet