{"vulnerability": "CVE-2023-4699", "sightings": [{"uuid": "a31cc419-eac8-4cda-a82a-5247ab0e193c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4699", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5856", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aThis code functionally approximates the Citrix Bleed vulnerability (CVE-2023-4699).\nURL\uff1ahttps://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-17T20:16:19.000000Z"}, {"uuid": "975d8bd2-8f85-4f97-9241-512aff58e8af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4699", "type": "seen", "source": "https://t.me/cibsecurity/73588", "content": "\u203c CVE-2023-4699 \u203c\n\nInsufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-06T12:25:53.000000Z"}, {"uuid": "002ac342-4b3f-4681-9dc0-babe7b6f3997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-46998", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9604", "content": "#exploit\n1. CVE-2023-50071:\nMultiple SQL injection in Customer Support System 1.0\nhttps://github.com/geraldoalcantara/CVE-2023-50071\n\n2. CVE-2023-46998:\nCross Site Scripting in Bootbox.js 3.2-6.0\nhttps://github.com/soy-oreocato/CVE-2023-46998", "creation_timestamp": "2023-12-17T12:43:01.000000Z"}, {"uuid": "fde28692-7f4e-43b4-b4ae-a7cc8404bbed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-46998", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2285", "content": "#exploit\n1. CVE-2023-50071:\nMultiple SQL injection in Customer Support System 1.0\nhttps://github.com/geraldoalcantara/CVE-2023-50071\n\n2. CVE-2023-46998:\nCross Site Scripting in Bootbox.js 3.2-6.0\nhttps://github.com/soy-oreocato/CVE-2023-46998", "creation_timestamp": "2024-08-16T08:57:34.000000Z"}, {"uuid": "5f8b9520-5f6d-42ee-abb0-efc0082564ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4699", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5618", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-4699\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.\n\ud83d\udccf Published: 2023-11-06T05:02:15.543Z\n\ud83d\udccf Modified: 2025-02-26T21:08:34.758Z\n\ud83d\udd17 References:\n1. https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf\n2. https://jvn.jp/vu/JVNVU94620134/\n3. https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03", "creation_timestamp": "2025-02-26T21:25:33.000000Z"}, {"uuid": "156e294c-8609-4ef7-8b63-a1ae44d239dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4699", "type": "seen", "source": "https://t.me/arpsyndicate/563", "content": "#ExploitObserverAlert\n\nCVE-2023-4699\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4699. Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.\n\nFIRST-EPSS: 0.001230000\nNVD-IS: 5.2\nNVD-ES: 3.9", "creation_timestamp": "2023-11-25T02:13:50.000000Z"}]}