IM
IronMonkey Threat Research

CVE-2024-7316 MEDIUM

Published: 2024-10-17 | Last Modified: 2026-04-15 | Status: Deferred

Description

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.

Additional Descriptions (1)

La vulnerabilidad de validación incorrecta de la cantidad especificada en la entrada en la serie CNC de Mitsubishi Electric permite que un atacante remoto no autenticado provoque una condición de denegación de servicio (DoS) en el producto al enviar paquetes especialmente manipulados al puerto TCP 683, lo que provoca una parada de emergencia.

CVSS Metrics

Base Score: 5.9 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 2.2

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-1284
Notification
Message here