Mitsubishi Electric CNC Series (Update B)

Plan Patch | CVSS 7 | ICS-CERT ICSA-25-205-01 | Jul 24, 2025
Mitsubishi Electric | Energy
Attack path
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

Mitsubishi Electric CNC communication software and associated tools contain a DLL loading vulnerability (CWE-427) in the setup launcher. An attacker with local access to an engineering workstation can exploit this by placing a malicious DLL in a location the software searches during startup, causing arbitrary code execution with user privileges. Affected products include M70LC, M730LC, NC Trainer series, NC Monitor series, NC Designer series, NC Analyzer series, NC Explorer, NC Visualizer, Remote Monitor Tool, MS Configurator, and related utilities. Four products have vendor fixes available (NC Trainer2, NC Trainer2 plus, FCSB1224, NC Virtual Simulator); thirteen products will not be patched.

What this means
What could happen
An attacker with local access to an engineering workstation running vulnerable CNC software could execute arbitrary code with user privileges by causing the software to load a malicious DLL, potentially compromising the integrity of CNC programs or blocking access to programming and monitoring functions.
Who's at risk
Manufacturing and process control engineers using Mitsubishi Electric CNC software tools (NC Trainer, NC Monitor, NC Designer, NC Virtual Simulator, FCSB1224, and associated utilities) on engineering workstations. This affects organizations that program and maintain CNC machines and numerical control devices.
How it could be exploited
An attacker with local access to an affected engineering workstation exploits a DLL loading vulnerability in the setup launcher by placing a malicious DLL in a location the application searches during initialization. When a user runs the setup launcher or application, it loads the attacker's code instead of the legitimate library.
Prerequisites
  • Local access to engineering workstation running vulnerable software
  • Ability to write files to a directory searched by the CNC software (e.g., Windows system paths or application directories)
  • User must launch the affected CNC software component
  • Local access required
  • Low attack complexity
  • No patch available for 13 of 17 affected products
  • Affects engineering/programming tools critical to CNC operations
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (19)
4 with fix, 2 pending, 13 EOL
Product | Affected Versions | Fix Status
Mitsubishi Electric CNC communication software runtime library M70LC | All versions | No fix yet
Mitsubishi Electric CNC communication software runtime library M730LC | All versions | No fix yet
NC Trainer2 | ≤ "AB" | AC+
Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224) | ≤ "A8" | A9+
NC Virtual Simulator | ≤ "A4" | A5+
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224): <="A8"
HOTFIX: Update Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224) to version A9 or later from Mitsubishi Electric download site
All products
HOTFIX: Update NC Trainer2 to version AC or later from Mitsubishi Electric download site
HOTFIX: Update NC Trainer2 plus to version AC or later from Mitsubishi Electric download site
HOTFIX: Update NC Virtual Simulator to version A5 or later from Mitsubishi Electric download site
Mitigations - no patch available
The following products have reached End of Life with no planned fix (all versions): NC Explorer, NC Monitor2, NC Monitor, NC Trainer, NC Visualizer, Remote Monitor Tool, MS Configurator, NC Designer2, NC Designer, NC Configurator2, NC Analyzer2, NC Analyzer, NC Trainer plus. Apply the following compensating controls:
HARDENING: For products with no fix planned (M70LC, M730LC, NC Explorer, NC Monitor2, NC Monitor, NC Trainer, NC Visualizer, Remote Monitor Tool, MS Configurator, NC Designer2, NC Designer, NC Configurator2, NC Analyzer2, NC Analyzer, NC Trainer plus), restrict access to engineering workstations to authorized users only and implement file integrity monitoring to detect unauthorized DLL placement.
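
One way to implement the file integrity monitoring recommended above, as an added example that is not part of the advisory or vendor guidance: it baselines SHA-256 hashes of every DLL in the watched directories and reports DLLs added, modified or removed since. The `cnc_tool` folder and file names are constructed stand-ins (assumptions); point `snapshot` at the directories your installed tools and setup launchers actually run from.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def snapshot(dirs):
    """Map every DLL under the watched directories to its SHA-256 digest."""
    found = {}
    for d in dirs:
        for p in Path(d).rglob("*"):
            if p.is_file() and p.suffix.lower() == ".dll":
                # normcase lower-cases on Windows so path casing cannot hide a change
                found[os.path.normcase(str(p))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return found


def compare(baseline, current):
    """Report DLLs added, modified or removed relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed scenario: a stand-in install folder, not a real product layout."""
    with tempfile.TemporaryDirectory() as root:
        app = Path(root, "cnc_tool")  # hypothetical application directory
        app.mkdir()
        (app / "vendor_lib.dll").write_bytes(b"known-good build")
        (app / "readme.txt").write_text("not a DLL, ignored")
        baseline_file = Path(root, "baseline.json")
        baseline_file.write_text(json.dumps(snapshot([app])))  # approved state

        # Later changes that the monitor should surface
        (app / "vendor_lib.dll").write_bytes(b"altered contents")
        (app / "Unexpected.DLL").write_bytes(b"file nobody approved")

        report = compare(json.loads(baseline_file.read_text()), snapshot([app]))
        # Return file names only so the result does not depend on the temp path
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the baseline file somewhere the workstation's ordinary users cannot write, and re-baseline only after an approved install or update.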