VYPR
Unrated severity · NVD Advisory · Published May 24, 2023 · Updated Mar 5, 2025

Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module

CVE-2023-1424

Description

Buffer overflow in Mitsubishi Electric MELSEC iQ-F and iQ-R CPU modules allows remote unauthenticated attackers to cause DoS or execute code via specially crafted packets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A classic buffer overflow vulnerability (CWE-120) exists in the packet handling of Mitsubishi Electric MELSEC iQ-F Series and MELSEC iQ-R Series CPU modules [1][2]. Affected MELSEC iQ-F Series models include FX5U and FX5UC with serial numbers 17X**** or later running firmware versions 1.220 through 1.281. Affected MELSEC iQ-R Series models include R00/01/02CPU (firmware version 35 and earlier), R04/08/16/32/120(EN)CPU (firmware versions 12 to 68), R08/16/32/120SFCPU (firmware versions 26 to 31), and R08/16/32/120PCPU (firmware versions 3 to 37) [1][2].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted packets to the target CPU module [1][2]. No user interaction or prior authentication is required. The attacker does not need any special network position beyond reachability to the device. The crafted packets trigger a buffer copy without proper size checking, leading to a buffer overflow [1]. According to the vendor, executing arbitrary programs requires detailed knowledge of the product's internal structure and is not easily achieved [1].

Impact

Successful exploitation can cause a denial-of-service (DoS) condition, requiring a system reset of the product for recovery [1][2]. In a more severe scenario, the attacker may execute malicious code on the target device, potentially compromising its integrity and confidentiality [1][2]. The CVSS v3 base score is 10.0 (Critical) [2].

Mitigation

Mitsubishi Electric has released firmware updates to address this vulnerability [1][2]. Users should contact their local Mitsubishi Electric representative or refer to the vendor's advisory for specific fixed firmware versions. No workarounds are available. For recovery from a DoS or code execution, a system reset is required [1]. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

49
  • Serial number 17X**** or later, versions from 1.220 to 1.281 (+ 20 more)
    • (no CPE) range: Serial number 17X**** or later, versions from 1.220 to 1.281
  • Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5UC-32MR/DS-TSv5
    Range: versions from 1.220 to 1.281
  • Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5UC-32MT/DSSv5
    Range: Serial number 17X**** or later, versions from 1.220 to 1.281
  • Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5UC-32MT/DSS-TSv5
    Range: versions from 1.220 to 1.281
  • Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5UC-32MT/DS-TSv5
    Range: versions from 1.220 to 1.281
  • Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5UC-64MT/DSSv5
    Range: Serial number 17X**** or later, versions from 1.220 to 1.281
  • Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5UC-96MT/DSSv5
    Range: Serial number 17X**** or later, versions from 1.220 to 1.281
  • versions 35 and prior (+ 20 more)
    • (no CPE) range: versions 35 and prior
    • (no CPE) range: versions from 12 to 68
    • (no CPE) range: versions from 3 to 37
    • (no CPE) range: versions from 26 to 31

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
