CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU96145466/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf

Configurations

No configuration.

History

28 Feb 2024, 01:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01 -

27 Feb 2024, 14:20

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de grupo de recursos insuficiente en la función Ethernet de los módulos de CPU de la serie MELSEC iQ-F de Mitsubishi Electric Corporation permite que un atacante remoto cause una condición de denegación de servicio temporal durante un cierto período de tiempo en la comunicación Ethernet de los productos mediante la realización de un ataque TCP SYN Flood.

27 Feb 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 04:15

Updated : 2024-02-28 01:15

NVD link : CVE-2023-7033

Mitre link : CVE-2023-7033

CVE.ORG link : CVE-2023-7033

JSON object : View

Products Affected

No product.

CWE

CWE-410

Insufficient Resource Pool

5.3 /10