Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Title
Уязвимость микропрограммного обеспечения программируемых логических контроллеров Mitsubishi Electric M800V/M80V Series, M800/M80/E80 Series, C80 Series, M700V/M70V/E70 Series, Software Tools, связанная с некорректным вводом конфигурационных данных,
позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость микропрограммного обеспечения программируемых логических контроллеров Mitsubishi Electric M800V/M80V Series, M800/M80/E80 Series, C80 Series, M700V/M70V/E70 Series, Software Tools связана с некорректным вводом конфигурационных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании, путем отправки специально созданных TCP-пакетов на порт 683
Severity
Vendor
Mitsubishi Electric Corporation
Software Name
M800VW, M800VS, M80V, M80VW, M800W, M800S, M80, M80W, E80, C80, M70V, E70, M750VW, M730VW, M720VS, M750VS, M730VS, M720VW, NC Trainer2, NC Trainer2 plus
Software Version
- (M800VW), - (M800VS), - (M80V), - (M80VW), - (M800W), - (M800S), - (M80), - (M80W), - (E80), - (C80), - (M70V), - (E70), - (M750VW), - (M730VW), - (M720VS), - (M750VS), - (M730VS), - (M720VW), - (NC Trainer2), - (NC Trainer2 plus)
Possible Mitigations
Использование рекомендаций производителя:
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf
Компенсирующие меры:
- использование средств межсетевого экранирования для ограничения возможности удалённого доступа к устройствам;
- ограничение доступа из внешних сетей (Интернет);
- сегментирование сети для ограничения доступа к уязвимому устройству;
- использование средств обнаружения и предотвращения вторжений (IDS/IPS) для выявления и реагирования на попытки эксплуатации уязвимости;
- использование виртуальных частных сетей для организации удаленного доступа (VPN).
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-7316
https://vuldb.com/?id.280865
https://vulners.com/cve/CVE-2024-7316
https://jvn.jp/vu/JVNVU92054409/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03
CWE
CWE-1284
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Mitsubishi Electric Corporation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (M800VW), - (M800VS), - (M80V), - (M80VW), - (M800W), - (M800S), - (M80), - (M80W), - (E80), - (C80), - (M70V), - (E70), - (M750VW), - (M730VW), - (M720VS), - (M750VS), - (M730VS), - (M720VW), - (NC Trainer2), - (NC Trainer2 plus)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c; \n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442); \n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443; \n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 (IDS/IPS) \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438; \n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.12.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.10.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-08757",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-7316, ICSA-24-291-03",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "M800VW, M800VS, M80V, M80VW, M800W, M800S, M80, M80W, E80, C80, M70V, E70, M750VW, M730VW, M720VS, M750VS, M730VS, M720VW, NC Trainer2, NC Trainer2 plus",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Mitsubishi Electric M800V/M80V Series, M800/M80/E80 Series, C80 Series, M700V/M70V/E70 Series, Software Tools, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0432\u0432\u043e\u0434\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445,\n\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0432\u0445\u043e\u0434\u0435 (CWE-1284)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Mitsubishi Electric M800V/M80V Series, M800/M80/E80 Series, C80 Series, M700V/M70V/E70 Series, Software Tools \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0432\u0432\u043e\u0434\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 TCP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043d\u0430 \u043f\u043e\u0440\u0442 683",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2024-7316\nhttps://vuldb.com/?id.280865\nhttps://vulners.com/cve/CVE-2024-7316\nhttps://jvn.jp/vu/JVNVU92054409/index.html\nhttps://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-1284",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}
ICSA-24-291-03
Vulnerability from csaf_cisa - Published: 2024-10-17 06:00 - Updated: 2025-12-18 07:00Summary
Mitsubishi Electric CNC Series (Update C)
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation: Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition on the affected device.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: For additional information see Mitsubishi Electric advisory
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.
5.9 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric M800VW (BND-2051W000-** ): <=B1
Mitsubishi Electric / M800VW (BND-2051W000-** )
|
<=B1 |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M800VS (BND-2052W000-** ): <=B1
Mitsubishi Electric / M800VS (BND-2052W000-** )
|
<=B1 |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M80V (BND-2053W000-** ): <=B1
Mitsubishi Electric / M80V (BND-2053W000-** )
|
<=B1 |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M80VW (BND-2054W000-** ): <=B1
Mitsubishi Electric / M80VW (BND-2054W000-** )
|
<=B1 |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M800W (BND-2005W000-** ): <=FH
Mitsubishi Electric / M800W (BND-2005W000-** )
|
<=FH |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M800S (BND-2006W000-** ): <=FH
Mitsubishi Electric / M800S (BND-2006W000-** )
|
<=FH |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M80 (BND-2007W000-** ): <=FH
Mitsubishi Electric / M80 (BND-2007W000-** )
|
<=FH |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M80W (BND-2008W000-** ): <=FH
Mitsubishi Electric / M80W (BND-2008W000-** )
|
<=FH |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric E80 (BND-2009W000-** ): <=FH
Mitsubishi Electric / E80 (BND-2009W000-** )
|
<=FH |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric C80 (BND-2036W000-** ): <=BJ
Mitsubishi Electric / C80 (BND-2036W000-** )
|
<=BJ |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M750VW (BND-1015W002-** ): <=LG
Mitsubishi Electric / M750VW (BND-1015W002-** )
|
<=LG |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M730VW/M720VW (BND-1015W000-** ): <=LG
Mitsubishi Electric / M730VW/M720VW (BND-1015W000-** )
|
<=LG |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M750VS (BND-1012W002-** ): <=LG
Mitsubishi Electric / M750VS (BND-1012W002-** )
|
<=LG |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M730VS/M720VS (BND-1012W000-** ): <=LG
Mitsubishi Electric / M730VS/M720VS (BND-1012W000-** )
|
<=LG |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M70V (BND-1018W000-** ): <=LG
Mitsubishi Electric / M70V (BND-1018W000-** )
|
<=LG |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric E70 (BND-1022W000-** ): <=LG
Mitsubishi Electric / E70 (BND-1022W000-** )
|
<=LG |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric NC Trainer2 (BND-1802W000-** ): vers:all/*
Mitsubishi Electric / NC Trainer2 (BND-1802W000-** )
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric NC Trainer2 plus (BND-1803W000-** ): vers:all/*
Mitsubishi Electric / NC Trainer2 plus (BND-1803W000-** )
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
References
17 references
Acknowledgments
Mitsubishi Electric
{
"document": {
"acknowledgments": [
{
"organization": "Mitsubishi Electric",
"summary": "reported this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition on the affected device. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "For additional information see Mitsubishi Electric advisory",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-291-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-291-03.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-291-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Mitsubishi Electric CNC Series (Update C)",
"tracking": {
"current_release_date": "2025-12-18T07:00:00.000000Z",
"generator": {
"date": "2025-12-17T22:28:52.389021Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-291-03",
"initial_release_date": "2024-10-17T06:00:00.000000Z",
"revision_history": [
{
"date": "2024-10-17T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-02-20T07:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Updates to product list, mitigations, added CVSS v4 score."
},
{
"date": "2025-03-18T06:00:00.000000Z",
"legacy_version": "Update B",
"number": "3",
"summary": "Update B - Updates to product list and mitigations."
},
{
"date": "2025-12-18T07:00:00.000000Z",
"legacy_version": "Update C",
"number": "4",
"summary": "Update C - Update to product list and mitigations"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=B1",
"product": {
"name": "Mitsubishi Electric M800VW (BND-2051W000-** ): \u003c=B1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "M800VW (BND-2051W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=B1",
"product": {
"name": "Mitsubishi Electric M800VS (BND-2052W000-** ): \u003c=B1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "M800VS (BND-2052W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=B1",
"product": {
"name": "Mitsubishi Electric M80V (BND-2053W000-** ): \u003c=B1",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "M80V (BND-2053W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=B1",
"product": {
"name": "Mitsubishi Electric M80VW (BND-2054W000-** ): \u003c=B1",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "M80VW (BND-2054W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FH",
"product": {
"name": "Mitsubishi Electric M800W (BND-2005W000-** ): \u003c=FH",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "M800W (BND-2005W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FH",
"product": {
"name": "Mitsubishi Electric M800S (BND-2006W000-** ): \u003c=FH",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "M800S (BND-2006W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FH",
"product": {
"name": "Mitsubishi Electric M80 (BND-2007W000-** ): \u003c=FH",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "M80 (BND-2007W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FH",
"product": {
"name": "Mitsubishi Electric M80W (BND-2008W000-** ): \u003c=FH",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "M80W (BND-2008W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FH",
"product": {
"name": "Mitsubishi Electric E80 (BND-2009W000-** ): \u003c=FH",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "E80 (BND-2009W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=BJ",
"product": {
"name": "Mitsubishi Electric C80 (BND-2036W000-** ): \u003c=BJ",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "C80 (BND-2036W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=LG",
"product": {
"name": "Mitsubishi Electric M750VW (BND-1015W002-** ): \u003c=LG",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "M750VW (BND-1015W002-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=LG",
"product": {
"name": "Mitsubishi Electric M730VW/M720VW (BND-1015W000-** ): \u003c=LG",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "M730VW/M720VW (BND-1015W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=LG",
"product": {
"name": "Mitsubishi Electric M750VS (BND-1012W002-** ): \u003c=LG",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "M750VS (BND-1012W002-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=LG",
"product": {
"name": "Mitsubishi Electric M730VS/M720VS (BND-1012W000-** ): \u003c=LG",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "M730VS/M720VS (BND-1012W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=LG",
"product": {
"name": "Mitsubishi Electric M70V (BND-1018W000-** ): \u003c=LG",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "M70V (BND-1018W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=LG",
"product": {
"name": "Mitsubishi Electric E70 (BND-1022W000-** ): \u003c=LG",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "E70 (BND-1022W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric NC Trainer2 (BND-1802W000-** ): vers:all/*",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "NC Trainer2 (BND-1802W000-** )"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric NC Trainer2 plus (BND-1803W000-** ): vers:all/*",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "NC Trainer2 plus (BND-1803W000-** )"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7316",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "A denial-of-service (DoS) vulnerability exists in Numerical Control Systems (CNC). A malicious unauthenticated remote attacker may cause a denial-of-service (DoS) condition in the affected product by sending specially crafted packets to TCP port 683",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7316"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric recommends users take the following actions to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M800VW (BND-2051W000-** ): Update to B2 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M800VS (BND-2052W000-** ): Update to B2 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M80V (BND-2053W000-** ): Update to B2 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M80VW (BND-2054W000-** ): Update to B2 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M800W (BND-2005W000-** ): Update to FJ or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M800S (BND-2006W000-** ): Update to FJ or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M80 (BND-2007W000-** ): Update to FJ or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M80W (BND-2008W000-** ): Update to FJ or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "E80 (BND-2009W000-** ): Update to FJ or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "C80 (BND-2036W000-** ): Update to BK or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M750VW (BND-1015W002-** ): Update to LH or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M730VW/M720VW (BND-1015W000-** ): Update to LH or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M750VS (BND-1012W002-** ): Update to LH or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M730VS/M720VS (BND-1012W000-** ): Update to LH or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "M70V (BND-1018W000-** ): Update to LH or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "E70 (BND-1022W000-** ): Update to LH or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "Additionally, Mitsubishi Electric recommends the following mitigations:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "Install anti-virus software on the PC that can access the product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to the affected product and the LAN to which the product is connected.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "Use IP filter function to block access from untrusted hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "IP filter function is available for M800V/M80V Series and M800/M80/E80 Series.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "For details about the IP filter function, please refer to the following manual for each product: M800V/M80V Series Instruction Manual \"16. Appendix 3 IP Address Filter Setting Function\" and M800/M80/E80 Series Instruction Manual \"15. Appendix 2 IP Address Filter Setting Function.\"",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…