CVE-2023-4699 PoC — Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA produ

Source

https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo

Associated Vulnerability

Title:Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products (CVE-2023-4699)
Description:Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.

Description

This code functionally approximates the Citrix Bleed vulnerability (CVE-2023-4699).

Readme

# Citrix-Bleed-Buffer-Overread-Demo
This code functionally approximates the Citrix Bleed vulnerability (CVE-2023-4699) of the improper handling of the return value of snprintf in C.

File Snapshot


 [4.0K]  /data/pocs/9b179326bc0c3e608f965ea7e8c0b23ade627fab
├── [1.1K]  CitrixBled
└── [ 182]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!