ICS: Mitsubishi Electric CNC Series Vulnerability

Severity

Medium

Analysis Summary

CVE-2024-7316

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.

Impact

Denial of Service

Indicators of Compromise

CVE

CVE-2024-7316

Affected Vendors

Mitsubishi Electric

Affected Products

Mitsubishi Electric CNC M800V Series M800VW - System Number BND-2051W000
Mitsubishi Electric CNC M800V Series M800VS - System Number BND-2052W000
Mitsubishi Electric CNC M80V Series M80V - System Number BND-2053W000
Mitsubishi Electric CNC M80V Series M80VW - System Number BND-2054W000

Remediation

Refer to Mitsubishi Electric Security Advisory for patch, upgrade, or suggested workaround information.

Mitsubishi Electric Security Advisory

North Korea-Linked Konni APT Group – Active IOCs

New SingleCamper RAT Variant Used by Russian ‘RomCom’ Attacks to Target Ukrainian Government – Active IOCs

ICS: Mitsubishi Electric CNC Series Vulnerability

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan