IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Mitsubishi Electric CNC Series (Update D)

MEDIUM
CVSS 5.9
Date 2026-07-02T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service (DoS) condition in Mitsubishi Electric CNC Series by sending specially crafted packets to TCP port 683, causing an emergency stop.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2024-7316 5.9 medium
Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability exists in Mitsubishi Electric CNC Series. This vulnerability could allow a remote attacker to cause a denial of service (DoS) condition in the affected product by sending specially crafted packets to TCP port 683, causing an emergency stop. In addition, system reset is required for recovery.

// Remediations (25)

Mitigation: Use within a LAN and block access from untrusted networks and hosts through firewalls.
Use within a LAN and block access from untrusted networks and hosts through firewalls.
Mitigation: E80 (BND-2009W000-** ): Update to FJ or later
E80 (BND-2009W000-** ): Update to FJ or later
Mitigation: For customers who cannot immediately update the product, Mitsubishi Electric recommends restricting
For customers who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the products and the LAN to which they are connected, to minimize the risk of exploiting this vulnerability.
Patch: Mitsubishi Electric is releasing fixed version FJ or later for Mitsubishi Electric CNC M800/M80/E80
Mitsubishi Electric is releasing fixed version FJ or later for Mitsubishi Electric CNC M800/M80/E80 Series M800W (BND-2005W000-**), M800S (BND-2006W000-**), M80 (BND-2007W000-**), M80W (BND-2008W000-**), and E80 (BND-2009W000-**). Please apply the fixed version to the product. For instructions on how to apply it, please consult your nearest Mitsubishi Electric representative. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-007_en.pdf".
Mitigation: Restrict physical access to the affected product and the LAN to which the product is connected.
Restrict physical access to the affected product and the LAN to which the product is connected.
Mitigation: C80 (BND-2036W000-** ): Update to BK or later
C80 (BND-2036W000-** ): Update to BK or later
Mitigation: E70 (BND-1022W000-** ): Update to LH or later
E70 (BND-1022W000-** ): Update to LH or later
Mitigation: M730VW/M720VW (BND-1015W000-** ): Update to LH or later
M730VW/M720VW (BND-1015W000-** ): Update to LH or later
Mitigation: M750VS (BND-1012W002-** ): Update to LH or later
M750VS (BND-1012W002-** ): Update to LH or later
Mitigation: For customers who cannot immediately update the product, Mitsubishi Electric recommends installing a
For customers who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on your PC that can access the affected product, to minimize the risk of exploiting this vulnerability.
Mitigation: M750VW (BND-1015W002-** ): Update to LH or later
M750VW (BND-1015W002-** ): Update to LH or later
Mitigation: For customers who cannot immediately update the product, Mitsubishi Electric recommends using within
For customers who cannot immediately update the product, Mitsubishi Electric recommends using within a LAN and blocking access from untrusted networks and hosts through firewalls, to minimize the risk of exploiting this vulnerability.
Patch: Mitsubishi Electric is releasing fixed version B2 or later for Mitsubishi Electric CNC M800V/M80V Se
Mitsubishi Electric is releasing fixed version B2 or later for Mitsubishi Electric CNC M800V/M80V Series M800VW (BND-2051W000-**), M800VS (BND-2052W000-**), M80V (BND-2053W000-**), and M80VW (BND-2054W000-**). Please apply the fixed version to the product. For instructions on how to apply it, please consult your nearest Mitsubishi Electric representative. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-007_en.pdf".
Mitigation: Use IP filter function to block access from untrusted hosts.
Use IP filter function to block access from untrusted hosts.
Mitigation: IP filter function is available for M800V/M80V Series and M800/M80/E80 Series.
IP filter function is available for M800V/M80V Series and M800/M80/E80 Series.
Mitigation: For customers who cannot immediately update the product, Mitsubishi Electric recommends using a fire
For customers who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.
Patch: Mitsubishi Electric is releasing fixed version BK or later for Mitsubishi Electric CNC C80 Series C8
Mitsubishi Electric is releasing fixed version BK or later for Mitsubishi Electric CNC C80 Series C80 (BND-2036W000-**). Please apply the fixed version to the product. For instructions on how to apply it, please consult your nearest Mitsubishi Electric representative. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-007_en.pdf".
Mitigation: Additionally, Mitsubishi Electric recommends the following mitigations:
Additionally, Mitsubishi Electric recommends the following mitigations:
Mitigation: Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet acc
Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
Mitigation: Install anti-virus software on the PC that can access the product.
Install anti-virus software on the PC that can access the product.
Mitigation: For customers who cannot immediately update the product, Mitsubishi Electric recommends using the IP
For customers who cannot immediately update the product, Mitsubishi Electric recommends using the IP filter function of the affected product to block access from untrusted hosts and minimize the risk of exploiting this vulnerability. The IP filter function is available for M800V/M80V series and M800/M80/E80 series. For details on the IP filter function, refer to "16. Appendix 3 IP Address Filter Setting Function" in the M800V/M80V Series Instruction Manual or "15. Appendix 2 IP Address Filter Setting Function" in the M800/M80/E80 Series Instruction Manual which can be downloaded from the link "https://www.mitsubishielectric.com/fa/download/index.html".
Mitigation: M730VS/M720VS (BND-1012W000-** ): Update to LH or later
M730VS/M720VS (BND-1012W000-** ): Update to LH or later
Patch: Mitsubishi Electric is releasing fixed version LH or later for Mitsubishi Electric CNC M700V/M70V/E7
Mitsubishi Electric is releasing fixed version LH or later for Mitsubishi Electric CNC M700V/M70V/E70 Series M750VW (BND-1015W002-**), M730VW (BND-1015W000-**), M720VW (BND-1015W000-**), M750VS (BND-1012W002-**), M730VS (BND-1012W000-**), M720VS (BND-1012W000-**), M70V (BND-1018W000-**), and E70 (BND-1022W000-**). Please apply the fixed version to the product. For instructions on how to apply it, please consult your nearest Mitsubishi Electric representative. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-007_en.pdf".
Mitigation: For details about the IP filter function, please refer to the following manual for each product: M80
For details about the IP filter function, please refer to the following manual for each product: M800V/M80V Series Instruction Manual "16. Appendix 3 IP Address Filter Setting Function" and M800/M80/E80 Series Instruction Manual "15. Appendix 2 IP Address Filter Setting Function."
Mitigation: M70V (BND-1018W000-** ): Update to LH or later
M70V (BND-1018W000-** ): Update to LH or later

// References