CVE-2023-3346

Name: CVE-2023-3346
Creator: NVD / NIST
Published: 2023-08-03T05:15:10.603+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.67%

Last modified Jun 17, 2026

CVE-2023-3346 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.. EPSS estimates a 1.67% chance of exploitation in the next 30 days.

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.67%

73.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mitsubishielectric	C80 Firmware	All versions
Mitsubishielectric	E70 Firmware	All versions
Mitsubishielectric	E80 Firmware	All versions
Mitsubishielectric	M70v Firmware	All versions
Mitsubishielectric	M720vs Firmware	All versions
Mitsubishielectric	M720vs 15-Type Firmware	All versions
Mitsubishielectric	M720vw Firmware	All versions
Mitsubishielectric	M730vs Firmware	All versions
Mitsubishielectric	M730vs 15-Type Firmware	All versions
Mitsubishielectric	M730vw Firmware	All versions
Mitsubishielectric	M750vs Firmware	All versions
Mitsubishielectric	M750vs 15-Type Firmware	All versions
Mitsubishielectric	M750vw Firmware	All versions
Mitsubishielectric	M80 Firmware	All versions
Mitsubishielectric	M800s Firmware	All versions
Mitsubishielectric	M800vs Firmware	All versions
Mitsubishielectric	M800vw Firmware	All versions
Mitsubishielectric	M800w Firmware	All versions
Mitsubishielectric	M80v Firmware	All versions
Mitsubishielectric	M80vw Firmware	All versions
Mitsubishielectric	M80w Firmware	All versions

References

https://jvn.jp/vu/JVNVU90352157/index.htmlThird Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03Third Party Advisory, US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdfVendor Advisory
https://jvn.jp/vu/JVNVU90352157/index.htmlThird Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03Third Party Advisory, US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdfVendor Advisory

Timeline

Published: Aug 3, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-3346?

How severe is CVE-2023-3346?

CVE-2023-3346 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.67% probability of exploitation in the next 30 days.

How do I fix CVE-2023-3346?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-3346?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST