Mitsubishi Electric CNC Series (Update C)

MonitorCVSS 5.9ICS-CERT ICSA-24-291-03Oct 17, 2024

Mitsubishi ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Denial-of-service vulnerability in Mitsubishi Electric CNC Series controllers. An unauthenticated remote attacker can send a specially crafted packet to cause the device to become unresponsive, stopping machine operations. Affected product lines include M800VW, M800VS, M80V, M80VW, M800W, M800S, M80, M80W, E80, C80, M750VW, M730VW, M720VW, M750VS, M730VS, M720VS, M70V, E70, NC Trainer2, and NC Trainer2 plus controllers. NC Trainer2 and NC Trainer2 plus (all versions) have no fix available and will not be patched.

What this means

What could happen

An unauthenticated attacker on the network could stop a CNC machine by causing a denial-of-service condition, halting production until the machine is manually recovered.

Who's at risk

Manufacturing and energy sector operators who use Mitsubishi Electric CNC Series controllers (M800, M80, E80, C80, M750, M730, M720, M70, E70, and NC Trainer2 models). This affects machine tool operators, precision manufacturing facilities, and energy equipment control systems that rely on these CNC controllers for operations.

How it could be exploited

An attacker with network access to the CNC controller sends a specially crafted packet to the device on its control port (likely port 8899 or similar, depending on configuration). The device processes the malformed input and crashes or enters an unresponsive state, stopping machine operations.

Prerequisites

Network access to the CNC device on its command port
No authentication required
CNC device reachable from an untrusted network segment

remotely exploitableno authentication requiredlow complexityno patch available for NC Trainer2 models (end-of-life products)affects operational equipment (CNC machines)

Exploitability

Unlikely to be exploited — EPSS score 0.6%

Affected products (18)

18 pending

ProductAffected VersionsFix Status

M800VW (BND-2051W000-** ): <=B1≤ B1No fix yet

M800VS (BND-2052W000-** ): <=B1≤ B1No fix yet

M80V (BND-2053W000-** ): <=B1≤ B1No fix yet

M80VW (BND-2054W000-** ): <=B1≤ B1No fix yet

M800W (BND-2005W000-** ): <=FH≤ FHNo fix yet

Remediation & Mitigation

0/20

Do now

0/3

HARDENINGConfigure IP filter function on M800V/M80V and M800/M80/E80 series to block access from untrusted hosts (see product manuals for IP Address Filter Setting)

HARDENINGRestrict CNC device access to trusted networks only; block unauthorized access from the internet and untrusted network segments using firewall rules

WORKAROUNDUse a VPN or firewall to prevent direct internet access to CNC devices if remote access is required

Schedule — requires maintenance window

0/16

Patching may require device reboot — plan for process interruption

Long-term hardening

0/1

HARDENINGRestrict physical access to affected CNC devices and the LAN segments to which they are connected

CVEs (1)

CVE-2024-7316

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a6894a9f-b664-4583-ad17-9257d2591b0e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.