Mitsubishi Electric CNC Series (Update B)
Plan Patch | 7 | ICS-CERT ICSA-25-205-01 | Jul 24, 2025
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary
Mitsubishi Electric CNC software products (NC Trainer, NC Monitor, NC Explorer, NC Visualizer, Remote Monitor Tool, and others) contain an insecure DLL loading vulnerability in the setup-launcher application. An attacker with local or network file access can place a malicious DLL that will be loaded when a user launches the vulnerable setup application, resulting in arbitrary code execution with user privileges. Fourteen of nineteen affected products have no fix available from the vendor; only four products (NC Trainer2, NC Trainer2 plus, FCSB1224, and NC Virtual Simulator) have patches available.
What this means
What could happen
An attacker with local access to an engineering workstation running vulnerable Mitsubishi CNC software could execute arbitrary code with the privileges of the logged-in user, potentially modifying CNC machine programs, tool offsets, or triggering unintended machine movements.
Who's at risk
This affects engineering workstations and configuration systems used in machine shops, manufacturing floors, and maintenance facilities that run Mitsubishi Electric CNC programming and monitoring software. Equipment at risk includes CNC machining centers, turning centers, and other numerically-controlled machine tools whose programs or settings could be altered through a compromised engineering workstation.
How it could be exploited
An attacker places a malicious DLL file on a shared network drive or local system where a user of vulnerable CNC software operates. When the user launches the setup application (setup-launcher), Windows searches for and loads the attacker's malicious DLL instead of the legitimate one, executing arbitrary code in the user's security context.
Prerequisites
- Local or network file system access to place a malicious DLL where the CNC software searches for libraries
- A user must launch the vulnerable setup application to trigger the DLL load
- User running the software must have write access to areas where CNC files or configurations are stored
- Local attack required
- DLL injection / insecure library loading
- No patch available for most products
- Affects engineering/configuration systems connected to production equipment
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (19)
4 with fix | 2 pending | 13 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Mitsubishi Electric CNC communication software runtime library M70LC | All versions | No fix yet |
| Mitsubishi Electric CNC communication software runtime library M730LC | All versions | No fix yet |
| NC Trainer2 | ≤ "AB" | AC or later |
| Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224) | ≤ "A8" | A9 or later |
| NC Virtual Simulator | ≤ "A4" | A5 or later |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224): <="A8"
HOTFIX: Update FCSB1224 (Numerical Control Device Communication Software) to version A9 or later
All products
HOTFIX: Update NC Trainer2 to version AC or later
HOTFIX: Update NC Trainer2 plus to version AC or later
HOTFIX: Update NC Virtual Simulator to version A5 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix (all versions): NC Explorer, NC Monitor2, NC Monitor, NC Trainer, NC Visualizer, Remote Monitor Tool, MS Configurator, NC Designer2, NC Designer, NC Configurator2, NC Analyzer2, NC Analyzer, NC Trainer plus. Apply the following compensating controls:
HARDENING: For products with no fix available (NC Explorer, NC Monitor2, NC Monitor, NC Trainer, NC Trainer plus, NC Visualizer, Remote Monitor Tool, MS Configurator, M70LC runtime library, M730LC runtime library, NC Designer2, NC Designer, NC Configurator2, NC Analyzer2, NC Analyzer): restrict local and network file system access to CNC software directories to authorized engineering staff only
HARDENING: Implement application whitelisting or DLL search path hardening on engineering workstations running CNC software to prevent unauthorized DLL loading
HARDENING: Monitor engineering workstation file system for unexpected DLL files in CNC software directories
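One way to implement the file system monitoring control above, as an added example that is not part of the advisory or any vendor tooling: record a SHA-256 baseline of every DLL under directories you choose, then report DLLs that are new, changed, or missing on later runs. The directories and the baseline file are supplied by the operator and are assumptions; the advisory names no paths.

```python
"""Baseline-and-compare check for unexpected DLLs (added example)."""
import hashlib
import json
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(roots):
    """Map every .dll file (any letter case) under the given roots to its SHA-256."""
    found = {}
    for root in roots:
        for p in Path(root).rglob("*"):
            if p.is_file() and p.suffix.lower() == ".dll":
                found[str(p.resolve())] = sha256_of(p)
    return found


def compare(baseline, current):
    """Return sorted (kind, path) findings: NEW, CHANGED or MISSING."""
    findings = []
    for path, digest in current.items():
        if path not in baseline:
            findings.append(("NEW", path))        # DLL that was not there at baseline
        elif baseline[path] != digest:
            findings.append(("CHANGED", path))    # same name, different content
    findings += [("MISSING", p) for p in baseline if p not in current]
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: dll_baseline.py BASELINE.json DIR [DIR ...]")
    baseline_file, roots = Path(sys.argv[1]), sys.argv[2:]
    current = snapshot(roots)
    if not baseline_file.exists():
        # First run: take the baseline from a known-good state.
        baseline_file.write_text(json.dumps(current, indent=2))
        print(f"baseline written: {len(current)} DLLs")
    else:
        for kind, path in compare(json.loads(baseline_file.read_text()), current):
            print(f"{kind}\t{path}")
```

Take the baseline from a known-good state and store it where workstation users cannot write. Include any folder or share from which the setup application is launched among the directories, since that is where the advisory says the planted DLL is loaded.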
CVEs (1)
API:
/api/v1/advisories/bb706f91-8c43-41e2-a9ae-f26be6920b32