CVE-2023-4699

CRITICAL

Mitsubishielectric Fx3u-32mt/es Firmware - Missing Authentication

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4699. PoCs published by Scottzxor.

AI-analyzed exploit summary The repository contains only a README with a brief description of CVE-2023-4699 but no actual exploit code or technical details. It claims to approximate the vulnerability but lacks implementation.

Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.

Exploits (1)

nomisec STUB 1 stars

by Scottzxor · poc

https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo

View Code ZIP pw:eip

The repository contains only a README with a brief description of CVE-2023-4699 but no actual exploit code or technical details. It claims to approximate the vulnerability but lacks implementation.

Classification

Stub 90%

Attack Type

Info Leak

Complexity

Theoretical

Reliability

Theoretical

Target: Citrix NetScaler ADC and Gateway

No auth needed

Prerequisites: None specified

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf

Third Party Advisory government-resource

https://jvn.jp/vu/JVNVU94620134/

Third Party Advisory, US Government Resource government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03

Scores

CVSS v3 10.0

EPSS 0.0075

EPSS Percentile 49.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-345 CWE-306

Status published

Products (50)

mitsubishielectric/fx3g-14mr\/ds_firmware

mitsubishielectric/fx3g-14mr\/es-a_firmware

mitsubishielectric/fx3g-14mr\/es_firmware

mitsubishielectric/fx3g-14mt\/ds_firmware

mitsubishielectric/fx3g-14mt\/dss_firmware

mitsubishielectric/fx3g-14mt\/es-a_firmware

mitsubishielectric/fx3g-14mt\/es_firmware

mitsubishielectric/fx3g-14mt\/ess_firmware

mitsubishielectric/fx3g-24mr\/ds_firmware

mitsubishielectric/fx3g-24mr\/es-a_firmware

... and 40 more

Published Nov 06, 2023

Tracked Since Feb 18, 2026