Remote Unauthenticated Denial of Service Vulnerability in Mitsubishi Electric CNC Series
CVE-2024-7316

5.9MEDIUM

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Mitsubishi Electric Cnc M800v Series M800vw; Mitsubishi Electric Cnc M800v Series M800vs; Mitsubishi Electric Cnc M80v Series M80v; Mitsubishi Electric Cnc M80v Series M80vw
Vendor: CVE Published:; 17 October 2024

Summary

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.

Affected Version(s)

Mitsubishi Electric CNC C80 Series C80 System Number BND-2036W000 all versions

Mitsubishi Electric CNC E70 Series E70 System Number BND-1022W000 versions LG and prior

Mitsubishi Electric CNC E80 Series E80 System Number BND-2009W000 versions FH and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

vendor-advisory

https://jvn.jp/vu/JVNVU92054409/index.html

government-resource

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024