OTPulse
FeedAboutContact

Mitsubishi Electric Electrical discharge machines

Act Now9.8ICS-CERT ICSA-24-051-03Feb 20, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in Mitsubishi Electric EDM (electrical discharge machine) D-CUBES control systems (CWE-20: improper input validation) allows unauthenticated attackers to gain code execution and control the machine. Affected products include Wire-cut EDM MP, MX, and MV series, and Sinker EDM SV-P and SG series machines. An attacker can disclose, tamper with, or destroy data on the machine, or cause a denial-of-service condition. Mitsubishi Electric recommends installing Special Modification Patch BRD-C62W003-A0 on Standard system controllers (BRD-B60W000 and BRD-M60W000), but has not released fixes for Special system controllers (BRD-B63W000, BRD-M63W000). Mitigations include firewall restrictions, network segmentation, physical access controls, and antivirus deployment on connected computers.

What this means
What could happen
An attacker with network access to an affected Mitsubishi Electric EDM machine could run arbitrary code on the device, potentially altering cutting parameters, stopping production, or corrupting tool data. This could cause product defects, equipment damage, or extended downtime.
Who's at risk
Manufacturers operating Mitsubishi Electric wire-cut EDM (MP, MX, MV series) and sinker EDM (SV-P, SG series) machines with D-CUBES control systems should be concerned. This affects precision manufacturing facilities that use these machines for metal cutting and component finishing.
How it could be exploited
An attacker on the network reaches the EDM machine's control interface (D-CUBES system) without authentication, sends a crafted input, and gains code execution. The attacker can then issue commands to alter machine setpoints, disable safety interlocks, or erase configuration data.
Prerequisites
  • Network access to the EDM machine control port or interface
  • No credentials required to trigger the vulnerability
Remotely exploitableNo authentication requiredLow complexityHigh EPSS score (92.2%)No patch available for many affected versionsAffects industrial production equipment
Exploitability
High exploit probability (EPSS 92.2%)
Affected products (32)
32 pending
ProductAffected VersionsFix Status
Wire-cut EDM MP Series MP4800 D-CUBES Series Special system BRD-B63W000 to W036: vers:all/*All versionsNo fix yet
Wire-cut EDM MX Series MX900 D-CUBES Series Standard system BRD-B60W000: <=B13__without_Special_Modification_Patch_BRD-C62W003-A0_installed≤ B13 without Special Modification Patch BRD-C62W003-A0 installedNo fix yet
Wire-cut EDM MX Series MX2400 D-CUBES Series Standard system BRD-B60W000: <=B13__without_Special_Modification_Patch_BRD-C62W003-A0_installed≤ B13 without Special Modification Patch BRD-C62W003-A0 installedNo fix yet
Wire-cut EDM MX Series MX900 D-CUBES Series Special system BRD-B63W000 to W036: vers:all/*All versionsNo fix yet
Wire-cut EDM MX Series MX2400 D-CUBES Series Special system BRD-B63W000 to W036: vers:all/*All versionsNo fix yet
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDImplement network-based firewall rules to restrict access to EDM machine control interfaces from untrusted networks and hosts
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXInstall Mitsubishi Electric Special Modification Patch BRD-C62W003-A0 on all affected Standard system controllers
HARDENINGDeploy anti-virus and endpoint detection software on all computers that can communicate with the EDM machines
Long-term hardening
0/2
HARDENINGRestrict physical access to affected EDM machines and connected workstations to authorized personnel only
HARDENINGSegment EDM machines and engineering workstations from general corporate network using VLAN or air-gapped controls network
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/ef80219f-b8f1-436c-b77a-a46c3fc499bc