Mitsubishi Electric CNC Series (Update E)

Act Now9.8ICS-CERT ICSA-23-208-03Jul 27, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Buffer overflow vulnerability (CWE-120) in Mitsubishi Electric CNC controllers. A remote attacker can send specially crafted packets to trigger a denial-of-service condition or execute arbitrary code on the device. System reset is required for recovery. Affected products include M800 series, M700 series, E-series, and C-series CNC controllers, as well as Remote Service Gateway and Data Acquisition units used for remote access and diagnostics.

What this means

What could happen

An attacker with network access to a vulnerable CNC controller could execute arbitrary code on the device, allowing them to alter machine tool movements, feed rates, or spindle settings, or cause the controller to reset and halt production until manually recovered.

Who's at risk

Machine tool operators and maintenance staff at manufacturing facilities that use Mitsubishi Electric CNC controllers (M-series, E-series, C-series models). These are commonly found in automotive, aerospace, and precision manufacturing operations. The Remote Service Gateway and Data Acquisition Units are also affected, which may be used by integrators and Mitsubishi support staff.

How it could be exploited

An attacker sends specially crafted packets over the network to the CNC controller's listening port. The vulnerability (CWE-120, buffer overflow) allows the malicious packet to overwrite memory and execute code or crash the device. No authentication is required.

Prerequisites

Network access to the CNC controller on its management or control port
CNC controller must be running a vulnerable firmware version (A8 or earlier for M-series, FB or earlier for certain models, LF or earlier for legacy models)

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects critical production equipmentno fix available for Data Acquisition Unit (all versions)buffer overflow defect

Exploitability

Moderate exploit probability (EPSS 1.0%)

Affected products (18)

17 with fix1 EOL

ProductAffected VersionsFix Status

M800VW (BND-2051W000-**): <=A8≤ A8A9 or later

M800VS (BND-2052W000-**): <=A8≤ A8A9 or later

M80V (BND-2053W000-**): <=A8≤ A8A9 or later

M800W (BND-2005W000-**): <=FB≤ FBFC or later

M800S (BND-2006W000-**): <=FB≤ FBFC or later

Remediation & Mitigation

0/10

Do now

0/2

WORKAROUNDFor Data Acquisition Unit: no patch is available; apply network isolation controls

WORKAROUNDBlock network access to the CNC controller from untrusted networks and the internet using firewall rules

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpdate M800VW, M800VS, M80V, M80VW firmware to version A9 or later

HOTFIXUpdate M800W, M800S, M80, M80W, E80 firmware to version FC or later

HOTFIXUpdate C80 firmware to version BG or later

HOTFIXUpdate M750VW, M730VW, M720VW, M750VS, M730VS, M720VS, M70V, E70 firmware to version LG or later

HOTFIXUpdate Remote Service Gateway Unit firmware to version AE or later

Mitigations - no patch available

0/3

Data Acquisition Unit (BND-2041W002-**): vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGRestrict CNC controller access to a dedicated LAN isolated from office/internet networks

HARDENINGRestrict physical access to the CNC controller and the network it is connected to

HARDENINGInstall anti-virus software on any PC that can access the CNC controller

CVEs (1)

CVE-2023-3346

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close