CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU96145466/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf
https://jvn.jp/vu/JVNVU96145466/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf

Configurations

No configuration.

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://jvn.jp/vu/JVNVU96145466/index.html -~~	() https://jvn.jp/vu/JVNVU96145466/index.html -
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01 -
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf -~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf -

28 Feb 2024, 01:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01 -

27 Feb 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 04:15

Updated : 2024-11-21 08:45

NVD link : CVE-2023-7033

Mitre link : CVE-2023-7033

CVE.ORG link : CVE-2023-7033

JSON object : View

Products Affected

No product.

CWE

CWE-410

Insufficient Resource Pool

{"id": "CVE-2023-7033", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-27T04:15:06.473", "references": [{"url": "https://jvn.jp/vu/JVNVU96145466/index.html", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://jvn.jp/vu/JVNVU96145466/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "description": [{"lang": "en", "value": "CWE-410"}]}], "descriptions": [{"lang": "en", "value": "Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack."}, {"lang": "es", "value": "Vulnerabilidad de grupo de recursos insuficiente en la funci\u00f3n Ethernet de los m\u00f3dulos de CPU de la serie MELSEC iQ-F de Mitsubishi Electric Corporation permite que un atacante remoto cause una condici\u00f3n de denegaci\u00f3n de servicio temporal durante un cierto per\u00edodo de tiempo en la comunicaci\u00f3n Ethernet de los productos mediante la realizaci\u00f3n de un ataque TCP SYN Flood."}], "lastModified": "2024-11-21T08:45:05.300", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}