ICSA-23-208-03  ·  Published 2024-01-30

Mitsubishi Electric CNC Series (Update E)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets. System reset is required for recovery.

CVEs (1)

Remediations

  • Mitsubishi Electric has provided a fix for the following products:
      • M800VW (BND-2051W000-**): Versions A9 or later
      • M800VS (BND-2052W000-**): Versions A9 or later
      • M80V (BND-2053W000-**): Versions A9 or later
      • M80VW (BND-2054W000-**): Versions A9 or later
      • M800W (BND-2005W000-**): Versions FC or later
      • M800S (BND-2006W000-**): Versions FC or later
      • M80 (BND-2007W000-**): Versions FC or later
      • M80W (BND-2008W000-**): Versions FC or later
      • E80 (BND-2009W000-**): Versions FC or later
      • C80 (BND-2036W000-**): Versions BG or later
      • M750VW (BND-1015W002-**): Versions LG or later
      • M730VW/M720VW (BND-1015W000-**): Versions LG or later
      • M750VS (BND-1012W002-**): Versions LG or later
      • M730VS/M720VS (BND-1012W000-**): Versions LG or later
      • M70V (BND-1018W000-**): Versions LG or later
      • E70 (BND-1022W000-**): Versions LG or later
      • Remote Service Gateway Unit (BND-2041W001-**): Versions AE or later
  • For specific update instructions and additional details refer to Mitsubishi Electric advisory 2023-007.
  • For users that are unable to update their systems immediately, Mitsubishi Electric recommends applying the mitigations below to minimize the risk:
      • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
      • Install anti-virus software on the PC that can access the product.
      • Use within a LAN and block access from untrusted networks and hosts through firewalls.
      • Restrict physical access to the affected product and the LAN to which the product is connected.

Affected Vendors

Mitsubishi Electric

Affected Products (18)

Mitsubishi Electric · M800VW (BND-2051W000-**) <=A8
Mitsubishi Electric · M800VS (BND-2052W000-**) <=A8
Mitsubishi Electric · M80V (BND-2053W000-**) <=A8
Mitsubishi Electric · M80VW (BND-2054W000-**) <=A8
Mitsubishi Electric · M800W (BND-2005W000-**) <=FB
Mitsubishi Electric · M800S (BND-2006W000-**) <=FB
Mitsubishi Electric · M80 (BND-2007W000-**) <=FB
Mitsubishi Electric · M80W (BND-2008W000-**) <=FB
Mitsubishi Electric · E80 (BND-2009W000-**) <=FB
Mitsubishi Electric · C80 (BND-2036W000-**) <=BF
Mitsubishi Electric · M750VW (BND-1015W002-**) <=LF
Mitsubishi Electric · M730VW/M720VW (BND-1015W000-**) <=LF
Mitsubishi Electric · M750VS (BND-1012W002-**) <=LF
Mitsubishi Electric · M730VS/M720VS (BND-1012W000-**) <=LF
Mitsubishi Electric · M70V (BND-1018W000-**) <=LF
Mitsubishi Electric · E70 (BND-1022W000-**) <=LF
Mitsubishi Electric · Remote Service Gateway Unit (BND-2041W001-**) <=AD
Mitsubishi Electric · Data Acquisition Unit (BND-2041W002-**) all versions

Affected Sectors

Critical Manufacturing
