CVE-2023-7033

Name of the Vulnerable Software and Affected Versions MELSEC iQ-R series CPU module (affected versions not specified) MELSEC iQ-L series CPU module (affected versions not specified) MELSEC iQ-R Ethernet Interface Module (affected versions not specified) MELSEC iQ-R CC-Link IE TSN Master/Local Module (affected versions not specified) CC-Link IE TSN Remote I/O Module (affected versions not specified) CC-Link IE TSN Analog-Digital Converter Module (affected versions not specified) CC-Link IE TSN Digital-Analog Converter Module (affected versions not specified) CC-Link IE TSN - CC-Link IE Field Network Bridge Module (affected versions not specified) CC-Link IE TSN - AnyWireASLINK Bridge Module (affected versions not specified) CC-Link IE TSN FPGA Module (affected versions not specified) CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY (affected versions not specified) MELSEC iQ-R Motion Module (affected versions not specified) MELSEC iQ-L Motion Module (affected versions not specified) MELSEC iQ-F FX5 Motion Module (affected versions not specified) MELSEC iQ-F Series CPU module (affected versions not specified) MELSEC iQ-F Series Ethernet module (affected versions not specified) MELSEC iQ-F Series Ethernet/IP module (affected versions not specified) MELSEC iQ-F Series OPC UA Module (affected versions not specified) MELSEC iQ-F Series CC-Link IE TSN master/local module (affected versions not specified) GOT2000 Series CC-Link IE TSN Communication Unit (affected versions not specified) FR-A800-E series inverters (affected versions not specified) FR-F800-E series inverters (affected versions not specified) FR-E800-E series inverters (affected versions not specified) INVERTER CC-Link IE TSN Plug-in option (affected versions not specified) INVERTER CC-Link IE TSN Safety Plug-in option (affected versions not specified) INVERTER CC-Link IE TSN communication function built-in type (affected versions not specified) MR-J5 series AC Servos MELSERVO (affected versions not specified) MR-JET series AC Servos MELSERVO (affected versions not specified) MR-MD333G series AC Servos MELSERVO (affected versions not specified) MR-JE series AC Servos MELSERVO (affected versions not specified) MELSERVO-J4 AC Servos MELSERVO (affected versions not specified) Embedded Type Servo System Controller (affected versions not specified)

Description The issue is related to an Insufficient Resource Pool vulnerability in the Ethernet function of various Mitsubishi Electric Corporation products. This vulnerability allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing a TCP SYN Flood attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.