CVE-2024-7316

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU92054409/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf

Configurations

No configuration.

History

21 Feb 2025, 00:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03', 'source': 'Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp'}~~
Summary		(es) La vulnerabilidad de validación incorrecta de la cantidad especificada en la entrada en la serie CNC de Mitsubishi Electric permite que un atacante remoto no autenticado provoque una condición de denegación de servicio (DoS) en el producto al enviar paquetes especialmente manipulados al puerto TCP 683, lo que provoca una parada de emergencia.

17 Oct 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-17 22:15

Updated : 2025-02-21 00:15

NVD link : CVE-2024-7316

Mitre link : CVE-2024-7316

CVE.ORG link : CVE-2024-7316

JSON object : View

Products Affected

No product.

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

5.9 /10