CVE-2023-1285

CVSS V2 None CVSS V3 None
Description
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.
Overview
  • CVE ID
  • CVE-2023-1285
  • Assigner
  • Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-14T03:15:07
  • Last Modified Date
  • 2023-04-24T13:22:28
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
CWE-364 http://cwe.mitre.org/data/definitions/364.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:mitsubishielectric:gc-enet-com_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:gc-enet-com:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://mitsubishielectric.in/fa/cnc-pdf/DoS_in_Ethernet_Communication_Extension_Unit_GC_ENET_COM_of_GOC35_Series.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-15
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-1285
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1285
History
Created Old Value New Value Data Type Notes
2023-04-17 04:42:37 Added to TrackCVE
2023-04-17 04:42:40 Weakness Enumeration new
2023-04-19 11:00:41 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-24 14:00:51 2023-04-24T13:22:28 CVE Modified Date updated
2023-04-24 14:00:51 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-24 14:01:03 Weakness Enumeration update
2023-04-24 14:01:06 CPE Information updated