Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series

Release date: October 17, 2024
Mitsubishi Electric Corporation

Overview

A denial of service (DoS) vulnerability exists in Numerical Control Systems (CNC). A malicious unauthenticated remote attacker may cause a denial of service (DoS) condition in the affected product by sending specially crafted packets to TCP port 683. (CVE-2024-7316) The product models and system versions affected by this vulnerability are listed below.

CVSS

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 5.9

Affected products

The following products, System Number and Versions are affected:

For M800V/M80V, M800/M80/E80, C80 and M700V/M70V/E70 Series, please check “System Number” by following steps:
1) Display “Diagnostics” screen on the display unit of CNC, select “Config” menu and display “S/W Configuration” screen.
2) Confirm “System Number” displayed in “NCMAIN1” item on “S/W Configuration” screen.

For NC Trainer2 and NC Trainer2 plus, check the “System Number” by following steps:
1) Start the program.
2) Click “Help” - “Version Information” in the menu bar to display the version information screen and check the system number starting with BND.

For details, please refer to the following instruction manuals:

Description

A denial of service (DoS) vulnerability exists in the affected products due to improper validation of specified quantity in input (CWE-1284).