Vulnerability identifier: #VU99233
Vulnerability risk: Medium
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
M800VW
Hardware solutions /
Firmware
M800VS
Hardware solutions /
Firmware
M80V
Hardware solutions /
Firmware
M80VW
Hardware solutions /
Firmware
M800W
Hardware solutions /
Firmware
M800S
Hardware solutions /
Firmware
M80
Hardware solutions /
Firmware
M80W
Hardware solutions /
Firmware
E80
Hardware solutions /
Firmware
C80
Hardware solutions /
Firmware
M750VW
Hardware solutions /
Firmware
M730VW
Hardware solutions /
Firmware
M720VW
Hardware solutions /
Firmware
M750VS
Hardware solutions /
Firmware
M730VS
Hardware solutions /
Firmware
M720VS
Hardware solutions /
Firmware
M70V
Hardware solutions /
Firmware
E70
Hardware solutions /
Firmware
NC Trainer2
Hardware solutions /
Firmware
NC Trainer2 plus
Hardware solutions /
Firmware
Vendor: Mitsubishi Electric
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Numerical Control Systems (CNC). A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
M800VW: All versions
M800VS: All versions
M80V: All versions
M80VW: All versions
M800W: All versions
M800S: All versions
M80: All versions
M80W: All versions
E80: All versions
C80: All versions
M750VW: All versions
M730VW: All versions
M720VW: All versions
M750VS: All versions
M730VS: All versions
M720VS: All versions
M70V: All versions
E70: All versions
NC Trainer2: All versions
NC Trainer2 plus: All versions
External links
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf
http://jvn.jp/vu/JVNVU92054409/index.html
http://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.