← Back to home
ICSA-24-291-03  ·  Published 2025-12-18  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric CNC Series (Update C)

CVSS 5.9 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition on the affected device.

CVEs (1)

Remediations

  • Mitsubishi Electric recommends users take the following actions to minimize the risk of exploiting this vulnerability.
  • M800VW (BND-2051W000-** ): Update to B2 or later
  • M800VS (BND-2052W000-** ): Update to B2 or later
  • M80V (BND-2053W000-** ): Update to B2 or later
  • M80VW (BND-2054W000-** ): Update to B2 or later
  • M800W (BND-2005W000-** ): Update to FJ or later
  • M800S (BND-2006W000-** ): Update to FJ or later
  • M80 (BND-2007W000-** ): Update to FJ or later
  • M80W (BND-2008W000-** ): Update to FJ or later
  • E80 (BND-2009W000-** ): Update to FJ or later
  • C80 (BND-2036W000-** ): Update to BK or later
  • M750VW (BND-1015W002-** ): Update to LH or later
  • M730VW/M720VW (BND-1015W000-** ): Update to LH or later
  • M750VS (BND-1012W002-** ): Update to LH or later
  • M730VS/M720VS (BND-1012W000-** ): Update to LH or later
  • M70V (BND-1018W000-** ): Update to LH or later
  • E70 (BND-1022W000-** ): Update to LH or later
  • Additionally, Mitsubishi Electric recommends the following mitigations:
  • Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Install anti-virus software on the PC that can access the product.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Restrict physical access to the affected product and the LAN to which the product is connected.
  • Use IP filter function to block access from untrusted hosts.
  • IP filter function is available for M800V/M80V Series and M800/M80/E80 Series.
  • For details about the IP filter function, please refer to the following manual for each product: M800V/M80V Series Instruction Manual "16. Appendix 3 IP Address Filter Setting Function" and M800/M80/E80 Series Instruction Manual "15. Appendix 2 IP Address Filter Setting Function."

Affected Vendors

Mitsubishi Electric

Affected Products (18)

Mitsubishi Electric · M800VW (BND-2051W000-** ) <=B1
Mitsubishi Electric · M800VS (BND-2052W000-** ) <=B1
Mitsubishi Electric · M80V (BND-2053W000-** ) <=B1
Mitsubishi Electric · M80VW (BND-2054W000-** ) <=B1
Mitsubishi Electric · M800W (BND-2005W000-** ) <=FH
Mitsubishi Electric · M800S (BND-2006W000-** ) <=FH
Mitsubishi Electric · M80 (BND-2007W000-** ) <=FH
Mitsubishi Electric · M80W (BND-2008W000-** ) <=FH
Mitsubishi Electric · E80 (BND-2009W000-** ) <=FH
Mitsubishi Electric · C80 (BND-2036W000-** ) <=BJ
Mitsubishi Electric · M750VW (BND-1015W002-** ) <=LG
Mitsubishi Electric · M730VW/M720VW (BND-1015W000-** ) <=LG
Mitsubishi Electric · M750VS (BND-1012W002-** ) <=LG
Mitsubishi Electric · M730VS/M720VS (BND-1012W000-** ) <=LG
Mitsubishi Electric · M70V (BND-1018W000-** ) <=LG
Mitsubishi Electric · E70 (BND-1022W000-** ) <=LG
Mitsubishi Electric · NC Trainer2 (BND-1802W000-** ) vers:all/*
Mitsubishi Electric · NC Trainer2 plus (BND-1803W000-** ) vers:all/*

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more