Improper Input Validation in Mitsubishi Electric CNC M800V Series and More
CVE-2025-2399

5.9 MEDIUM

What is CVE-2025-2399?

This vulnerability in Mitsubishi Electric CNC products stems from improper validation of a specified index, position, or offset in input. By sending specially crafted packets to TCP port 683, a remote attacker can trigger an out-of-bounds read, potentially leading to a denial-of-service condition. Affected models include several within the M800V, M80, E80, and M70 series, along with software tools like NC Trainer2.

Affected Version(s)

Mitsubishi Electric CNC C80 Series C80 System Number BND-2036W000 all versions

Mitsubishi Electric CNC E70 Series E70 System Number BND-1022W000 all versions

Mitsubishi Electric CNC E80 Series E80 System Number BND-2009W000 versions FM and prior

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
