CVE-2023-1424

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules versions 1.220 through 1.260 Mitsubishi Electric Corporation MELSEC iQ-R Series CPU modules (affected versions not specified)

Description The issue is caused by a buffer copy without checking the size of the input, leading to a classic buffer overflow. This allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

Recommendations For Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules versions 1.220 through 1.260, update to a version that is not affected by this issue. For Mitsubishi Electric Corporation MELSEC iQ-R Series CPU modules, at the moment, there is no information about a newer version that contains a fix for this vulnerability.