ICSA-24-135-04 · Published 2026-01-15 · View on CISA ICS-CERT ↗

Mitsubishi Electric Multiple FA Engineering Software Products (Update E)

CVSS 6.0 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition. Additionally, an attacker may gain Windows system privileges and execute arbitrary commands.

CVEs (12)

CVE-2023-51776 CVE-2023-51777 CVE-2023-51778 CVE-2024-22102 CVE-2024-22103 CVE-2024-22104 CVE-2024-22105 CVE-2024-22106 CVE-2024-25086 CVE-2024-25087 CVE-2024-25088 CVE-2024-26314

Remediations

Mitsubishi Electric recommends users download and install the update as follows:
CPU Module Logging Configuration Tool : Update to"1.160S" or later.
CSGL (GX Works2 connection configuration): Update to "2.6" or later - contact your place of purchase for assistance.
CW Configurator: Update to "1.020W" or later.
Data Transfer: Update to "3.59M" or later.
Data Transfer Classic: Update to "1.01B" or later.
EZSocket: Update to "5.A" or later - contact your place of purchase for assistance.
FR Configurator2: Update to "1.33K" or later.
GENESIS: Update to "11" or later. GENESIS is the successor product to GENESIS64 and the ICONICS Suite.
GT Designer3 Version1 (GOT1000): Update to "1.315D" or later.
GT Designer3 Version1 (GOT2000): Update to "1.320J" or later.
GT SoftGOT1000 Version3: Update to "3.315D" or later.
GT SoftGOT2000 Version1: Update to "1.320J" or later.
GX LogViewer: Update to "1.160S" or later.
GX Works2: Update to "1.625B" or later.
GX Works3: Update to "1.110Q" or later.
iQ Works (MELSOFT Navigator): Update to "2.106L" or later.
Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224): Update to "A9" or later
MR Configurator2: Update to "1.155M" or later.
Position Board Utility2(MRZJW3-MC2-UTL): Update to "3.50" or later.
MX Component: Update to "5.008J" or later.
PX Developer/Monitor Tool: Update to "1.59M" or later.
RT ToolBox3: Update to "2.50C" or later.
RT VisualBox: Update to "1.12N" or later.
Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): Update to "4.15R" or later.
MELSECNET/H Interface Board software package (SW0DNC-MNETH-B): Update to "37P" or later.
CC-Link System Master/Local Interface Board software package (SW1DNC-CCBD2-B): Update to "1.26C" or later.
CC-Link IE Field Network Interface Board software package (SW1DNC-CCIEF-J/-B): Update to "1.19V" or later.
CC-Link IE Controller Network Interface Board software package (SW1DNC-MNETG-B): Update to "1.32J" or later.
C Controller Interface Module utility (SW1DNC-QSCCF-B): Update to "2.20" or later - contact your place of purchase for assistance.
MELSOFT EM Software Development Kit (SW1DND-EMSDK-B): Update to "1.025B" or later.
MT Works2: Update to "1.205P" or later.
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:
Restrict physical access to the computer using the product.
Install an antivirus software in your computer using the affected product.
Don't open untrusted files or click untrusted links.
For additional information see Mitsubishi Electric advisory 2024-001.

Affected Vendors

Mitsubishi Electric

Affected Products (37)

Mitsubishi Electric · CPU Module Logging Configuration Tool <="1.154L"

Mitsubishi Electric · CSGL (GX Works2 connection configuration) <="2.5"

Mitsubishi Electric · CW Configurator <="1.019V"

Mitsubishi Electric · Data Transfer <="3.58L"

Mitsubishi Electric · Data Transfer Classic <="1.00A"

Mitsubishi Electric · EZSocket (communication middleware product for Mitsubishi Electric partner companies) <="5.92"

Mitsubishi Electric · FR Configurator SW3 vers:all/*

Mitsubishi Electric · FR Configurator2 <="1.32J"

Mitsubishi Electric · GENESIS64 and ICONICS Suite <="10.97.3"

Mitsubishi Electric · GT Designer3 Version1 (GOT1000) <="1.310Y"

Mitsubishi Electric · GT Designer3 Version1 (GOT2000) <="1.317F"

Mitsubishi Electric · GT SoftGOT1000 Version3 <="3.310Y"

Mitsubishi Electric · GT SoftGOT2000 Version1 <="1.315D"

Mitsubishi Electric · GX Developer vers:all/*

Mitsubishi Electric · GX LogViewer <="1.154L"

Mitsubishi Electric · GX Works2 <="1.622Y"

Mitsubishi Electric · GX Works3 <="1.106L"

Mitsubishi Electric · iQ Works (MELSOFT Navigator) <="2.102G"

Mitsubishi Electric · MI Configurator vers:all/*

Mitsubishi Electric · Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224) <="A8"

Mitsubishi Electric · MR Configurator (SETUP221) vers:all/*

Mitsubishi Electric · MR Configurator2 <="1.150G"

Mitsubishi Electric · Position Board Utility2 (MRZJW3-MC2-UTL) <="3.40"

Mitsubishi Electric · MX Component <="5.007H"

Mitsubishi Electric · MX OPC Server DA/UA (Software packaged with MC Works64) vers:all/*

Mitsubishi Electric · PX Developer/Monitor Tool <="1.58L_"

Mitsubishi Electric · RT ToolBox3 <="2.20W"

Mitsubishi Electric · RT VisualBox <="1.11M_"

Mitsubishi Electric · Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) <="4.14Q"

Mitsubishi Electric · MELSECNET/H Interface Board software package (SW0DNC-MNETH-B) <="36N"

Mitsubishi Electric · CC-Link System Master/Local Interface Board software package (SW1DNC-CCBD2-B) <="1.25B"

Mitsubishi Electric · CC-Link IE Field Network Interface Board software package (SW1DNC-CCIEF-J) <="1.18U"

Mitsubishi Electric · CC-Link IE Field Network Interface Board software package (SW1DNC-CCIEF-B) <="1.18U"

Mitsubishi Electric · CC-Link IE Controller Network Interface Board software package (SW1DNC-MNETG-B) <="1.31H"

Mitsubishi Electric · C Controller Interface Module utility (SW1DNC-QSCCF-B) <="2.10"

Mitsubishi Electric · MELSOFT EM Software Development Kit (SW1DND-EMSDK-B) <="1.020W"

Mitsubishi Electric · MT Works2 <="1.200J_"

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more