CVE-2023-3346
📋 TL;DR
A buffer overflow vulnerability in MITSUBISHI CNC Series allows remote unauthenticated attackers to send specially crafted packets that can cause denial of service or execute arbitrary code. This affects industrial control systems using vulnerable CNC controllers, requiring system reset for recovery after exploitation.
💻 Affected Systems
- MITSUBISHI CNC Series controllers
📦 What is this software?
C80 Firmware by Mitsubishielectric
E70 Firmware by Mitsubishielectric
E80 Firmware by Mitsubishielectric
M70v Firmware by Mitsubishielectric
M720vs 15 Type Firmware by Mitsubishielectric
M720vs Firmware by Mitsubishielectric
M720vw Firmware by Mitsubishielectric
M730vs 15 Type Firmware by Mitsubishielectric
M730vs Firmware by Mitsubishielectric
M730vw Firmware by Mitsubishielectric
M750vs 15 Type Firmware by Mitsubishielectric
M750vs Firmware by Mitsubishielectric
M750vw Firmware by Mitsubishielectric
M80 Firmware by Mitsubishielectric
M800s Firmware by Mitsubishielectric
M800vs Firmware by Mitsubishielectric
M800vw Firmware by Mitsubishielectric
M800w Firmware by Mitsubishielectric
M80v Firmware by Mitsubishielectric
M80vw Firmware by Mitsubishielectric
M80w Firmware by Mitsubishielectric
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, production disruption, and potential physical damage to manufacturing equipment.
Likely Case
Denial of service causing production downtime and requiring physical system reset to restore operations.
If Mitigated
Limited impact if network segmentation prevents direct access to vulnerable controllers.
🎯 Exploit Status
Exploitable remotely and without authentication via network packets; complexity is low because the flaw is a buffer overflow.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to vendor advisory for specific firmware updates
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf
Restart Required: Yes
Instructions:
1. Download firmware update from Mitsubishi Electric support portal.
2. Follow vendor's firmware update procedure for CNC controllers.
3. Verify successful update and restart affected systems.
🔧 Temporary Workarounds
Network Segmentation
Isolate CNC controllers from untrusted networks using firewalls and VLANs.
Access Control Lists
Implement strict network ACLs to allow only trusted IP addresses to communicate with CNC controllers.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate CNC controllers from all untrusted networks.
- Deploy intrusion detection systems to monitor for exploitation attempts and anomalous network traffic.
🔍 How to Verify
Check if Vulnerable:
Check CNC controller firmware version against vulnerable versions listed in vendor advisory.
Check Version:
Check firmware version via CNC controller interface or maintenance tools (vendor-specific).
Verify Fix Applied:
Verify firmware version has been updated to patched version specified in vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unusual network connection attempts to CNC controller ports
- System crash or reset logs
Network Indicators:
- Malformed packets sent to CNC controller network services
- Traffic patterns matching exploit signatures
SIEM Query:
source_ip=* AND dest_port=[CNC_PORT] AND packet_size>normal AND protocol=TCP/UDP
🔗 References
- https://jvn.jp/vu/JVNVU90352157/index.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-007_en.pdf