Mitsubishi Electric CNC Series (Update B)

Risk Summary

Successful exploitation of this vulnerability could allow a local attacker to execute malicious code by getting setup-launcher to load a malicious DLL.

CVEs (1)

Remediations

• Please download and install the fixed version from the Mitsubishi Electric download site: NC Trainer2: "AC" or later https://www.mitsubishielectric.com/fa/download/index.html.
• Please download and install the fixed version from the Mitsubishi Electric download site: NC Trainer2 plus: "AC" or later https://www.mitsubishielectric.com/fa/download/index.html.
• Please download and install the fixed version from the Mitsubishi Electric download site: Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224): "A9" or later https://www.mitsubishielectric.com/fa/download/index.html.
• Please download and install the fixed version from the Mitsubishi Electric download site: NC Virtual Simulator: "A5" or later https://www.mitsubishielectric.com/fa/download/index.html.
• Please note that there are no plans to release fixed versions for the following products: NC Designer, NC Analyzer, NC Monitor, NC Trainer, NC Trainer plus, NC Visualizer, Remote Monitor Tool, MS Configurator
• Restrict physical access to the computer using the product.
• Install an antivirus software in the computer using the affected product.
• Do not open untrusted files or click untrusted links.
• Do not run setup-launchers obtained from sources other than our branches, distributors or the Mitsubishi Electric FA website.
• Before running the setup-launcher, make sure that no DLL exists in the folder containing the setup-launcher executable file (the name varies depending on the product) for the product.
• For more information, see Mitsubishi Electric 2025-008 https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-008_en.pdf.

Affected Vendors

Affected Products (19)

Affected Sectors

Critical Manufacturing