Mitsubishi Electric CNC Series

Monitor | CVSS 5.9 | ICS-CERT ICSA-26-078-05 | Mar 19, 2026
Mitsubishi Electric | Energy | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Out-of-bounds read vulnerability in Mitsubishi Electric CNC control systems (M800VW, M800VS, M80V, M80VW, M800W, M800S, M80, M80W, E80, and legacy M700V/M700/C80 series). A remote attacker can send a specially crafted packet to trigger a memory read beyond allocated boundaries, causing the CNC machine to crash and deny service. Affects versions M800VW/M80VW/M800VS/M80V up to BB, M800W/M800S/M80/M80W/E80 up to FM. Legacy models (C80, M750/M730/M720 series, NC Trainer2 models) are vulnerable in all versions and will not receive fixes.

What this means
What could happen
An attacker with network access to a Mitsubishi Electric CNC machine could trigger an out-of-bounds memory read, crashing the device and halting part production until it is restarted. This affects manufacturing operations that depend on continuous CNC availability.
Who's at risk
Manufacturing plants and job shops using Mitsubishi Electric CNC machines for precision machining and part production. Specifically affects M800V series, M80V series, M800/M80/E80 series, and legacy M700V and M700 series machines. End-of-life product lines (C80, M750/M730/M720 series, NC Trainer models) are at permanent risk since they will not receive patches.
How it could be exploited
An attacker sends a specially crafted network packet to the CNC machine's network interface. The device attempts to read memory beyond its allocated boundaries, triggering a denial-of-service condition that crashes the control system. No authentication or physical access is required.
Prerequisites
  • Network access to the CNC machine (typically port 502 for Mitsubishi industrial devices, or the machine's standard network interface)
  • The CNC must be running a vulnerable firmware version
Tags: remotely exploitable | no authentication required | affects production equipment | no patch available for legacy product lines | low to medium CVSS but high operational impact
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (20)
9 with fix, 11 EOL
Product | Affected Versions | Fix Status
M800VW (BND-2051W000) | ≤ BB | BC+
M800VS (BND-2052W000) | ≤ BB | BC+
M80V (BND-2053W000) | ≤ BB | BC+
M80VW (BND-2054W000) | ≤ BB | BC+
M800W (BND-2005W000) | ≤ FM | FN+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to CNC machines using a firewall; block incoming connections from untrusted networks and hosts
HARDENING: If internet access is required for the CNC machine, enable the IP filter function (available on M800V/M80V and M800/M80/E80 series) to prevent unauthorized access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update M800VW, M800VS, M80V, and M80VW firmware to version BC or later
HOTFIX: Update M800W, M800S, M80, M80W, and E80 firmware to version FN or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix (all versions affected):
  • C80 (BND-2036W000)
  • M750VW (BND-1015W002)
  • M730VW (BND-1015W000)
  • M720VW (BND-1015W000)
  • M750VS (BND-1012W002)
  • M730VS (BND-1012W000)
  • M720VS (BND-1012W000)
  • M70V (BND-1018W000)
  • E70 (BND-1022W000)
  • NC Trainer2 (BND-1802W000)
  • NC Trainer2 plus (BND-1803W000)
Apply the following compensating controls:
HARDENING: Operate affected CNC machines only within a local area network (LAN) and isolate them from untrusted external networks
HARDENING: Restrict physical access to affected CNC machines and all connected network equipment