CVE-2023-4699
CVE-2023-4699 is a critical-severity vulnerability in Mitsubishielectric Fx3u-32mt/es Firmware with a CVSS 3.x base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-306.
Key facts
- Severity: Critical (CVSS 3.x base score 10.0)
- EPSS exploit prediction: 1% (50th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-306
- Affected product: Mitsubishielectric Fx3u-32mt/es Firmware
- Published:
- Last modified:
Description
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.
Frequently asked questions
- What is CVE-2023-4699?
- Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.
- How severe is CVE-2023-4699?
- CVE-2023-4699 has a CVSS 3.x base score of 10.0, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-4699 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (50th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-4699?
- CVE-2023-4699 primarily affects Mitsubishielectric Fx3u-32mt/es Firmware. In total, 216 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-4699?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2023-4699 published?
- CVE-2023-4699 was published on 2023-11-06 and last updated on 2026-06-17.
References
- https://jvn.jp/vu/JVNVU94620134/
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf
Affected products (216)
- cpe:2.3:o:mitsubishielectric:fx3u-32mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-48mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-80mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-128mt\/e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-16mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-16mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-48mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-80mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-128mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-16mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-48mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-80mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-128mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-16mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-48mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-80mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-128mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-16mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-48mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-80mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-128mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-16mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-48mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-80mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-128mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32mr\/ua1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64mr\/ua1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-32ms\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx3u-64ms\/es_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Mitsubishielectric Fx3u-32mt/es Firmware
- CVE-2023-4562 — Critical (CVSS 9.1): Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote…
- CVE-2023-2846 — High (CVSS 7.5): Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main…
All CVEs affecting Mitsubishielectric Fx3u-32mt/es Firmware →
Other CWE-306 (Missing Authentication for Critical Function) vulnerabilities
- CVE-2026-54309 — Critical (CVSS 10.0): n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP…
- CVE-2026-50242 — Critical (CVSS 10.0): In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429…
- CVE-2026-49257 — Critical (CVSS 10.0): mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1…
- CVE-2026-46846 — Critical (CVSS 10.0): Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).…
- CVE-2026-46803 — Critical (CVSS 10.0): Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).…
- CVE-2026-46800 — Critical (CVSS 10.0): Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).…
Browse all CWE-306 (Missing Authentication for Critical Function) vulnerabilities →