Strix
26.1K

CVE-2023-4699

CRITICALCVSS 9.1/10EPSS 0.75%

Last modified

CVE-2023-4699 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.. EPSS estimates a 0.75% chance of exploitation in the next 30 days.

Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability
0.75%

50.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MitsubishielectricFx3u-32mt\/Es FirmwareAll versions
MitsubishielectricFx3u-48mt\/Es FirmwareAll versions
MitsubishielectricFx3u-64mt\/Es FirmwareAll versions
MitsubishielectricFx3u-80mt\/Es FirmwareAll versions
MitsubishielectricFx3u-128mt\/E FirmwareAll versions
MitsubishielectricFx3u-16mt\/Es FirmwareAll versions
MitsubishielectricFx3u-16mr\/Es FirmwareAll versions
MitsubishielectricFx3u-32mr\/Es FirmwareAll versions
MitsubishielectricFx3u-48mr\/Es FirmwareAll versions
MitsubishielectricFx3u-64mr\/Es FirmwareAll versions
MitsubishielectricFx3u-80mr\/Es FirmwareAll versions
MitsubishielectricFx3u-128mr\/Es FirmwareAll versions
MitsubishielectricFx3u-16mt\/Ess FirmwareAll versions
MitsubishielectricFx3u-32mt\/Ess FirmwareAll versions
MitsubishielectricFx3u-48mt\/Ess FirmwareAll versions
MitsubishielectricFx3u-64mt\/Ess FirmwareAll versions
MitsubishielectricFx3u-80mt\/Ess FirmwareAll versions
MitsubishielectricFx3u-128mt\/Ess FirmwareAll versions
MitsubishielectricFx3u-16mt\/Ds FirmwareAll versions
MitsubishielectricFx3u-32mt\/Ds FirmwareAll versions
MitsubishielectricFx3u-48mt\/Ds FirmwareAll versions
MitsubishielectricFx3u-64mt\/Ds FirmwareAll versions
MitsubishielectricFx3u-80mt\/Ds FirmwareAll versions
MitsubishielectricFx3u-128mt\/Ds FirmwareAll versions
MitsubishielectricFx3u-16mr\/Ds FirmwareAll versions
MitsubishielectricFx3u-32mr\/Ds FirmwareAll versions
MitsubishielectricFx3u-48mr\/Ds FirmwareAll versions
MitsubishielectricFx3u-64mr\/Ds FirmwareAll versions
MitsubishielectricFx3u-80mr\/Ds FirmwareAll versions
MitsubishielectricFx3u-128mr\/Ds FirmwareAll versions
MitsubishielectricFx3u-16mt\/Dss FirmwareAll versions
MitsubishielectricFx3u-32mt\/Dss FirmwareAll versions
MitsubishielectricFx3u-48mt\/Dss FirmwareAll versions
MitsubishielectricFx3u-64mt\/Dss FirmwareAll versions
MitsubishielectricFx3u-80mt\/Dss FirmwareAll versions
MitsubishielectricFx3u-128mt\/Dss FirmwareAll versions
MitsubishielectricFx3u-32mr\/Ua1 FirmwareAll versions
MitsubishielectricFx3u-64mr\/Ua1 FirmwareAll versions
MitsubishielectricFx3u-32ms\/Es FirmwareAll versions
MitsubishielectricFx3u-64ms\/Es FirmwareAll versions
MitsubishielectricFx3u-16mt\/Es-A FirmwareAll versions
MitsubishielectricFx3u-32mt\/Es-A FirmwareAll versions
MitsubishielectricFx3u-48mt\/Es-A FirmwareAll versions
MitsubishielectricFx3u-64mt\/Es-A FirmwareAll versions
MitsubishielectricFx3u-80mt\/Es-A FirmwareAll versions
MitsubishielectricFx3u-128mt\/Es-A FirmwareAll versions
MitsubishielectricFx3u-16mr\/Es-A FirmwareAll versions
MitsubishielectricFx3u-32mr\/Es-A FirmwareAll versions
MitsubishielectricFx3u-48mr\/Es-A FirmwareAll versions
MitsubishielectricFx3u-64mr\/Es-A FirmwareAll versions

Showing 50 of 216 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-4699?
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.
How severe is CVE-2023-4699?
CVE-2023-4699 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.75% probability of exploitation in the next 30 days.
How do I fix CVE-2023-4699?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-4699?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST