CVE-2023-1424

Name: CVE-2023-1424
Creator: NVD / NIST
Published: 2023-05-24T05:15:08.78+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 3.44%

Last modified Jun 17, 2026

CVE-2023-1424 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.. EPSS estimates a 3.44% chance of exploitation in the next 30 days.

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.44%

87.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Dss Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Es Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Ess Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Dss Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Es Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Ess Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Dss Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Es Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Ess Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Dss Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Es Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Ess Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Dss Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Es Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Ess Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Dss Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Es Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Ess Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mr\/Dds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mr\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mr\/Ds-Ts Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mt\/Dds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mt\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mt\/Dss-Ts Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-32mt\/Ds-Ts Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-64mr\/Dds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-64mr\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-64mt\/Dds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-64mt\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-96mr\/Dds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-96mr\/Ds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-96mt\/Dds Firmware	All versions
Mitsubishielectric	Melsec Iq-Fx5uc-96mt\/Ds Firmware	All versions

References

https://jvn.jp/vu/JVNVU94650413Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03Third Party Advisory, US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdfPatch, Vendor Advisory
https://jvn.jp/vu/JVNVU94650413Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03Third Party Advisory, US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdfPatch, Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727

Timeline

Published: May 24, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-1424?

How severe is CVE-2023-1424?

CVE-2023-1424 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 3.44% probability of exploitation in the next 30 days.

How do I fix CVE-2023-1424?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-1424?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST