PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-7316 Mitsubishi Electric Corporation CVE debrief

A denial-of-service vulnerability in Mitsubishi Electric CNC Series allows unauthenticated remote attackers to disrupt operations by sending crafted packets to TCP port 683. The vulnerability affects 18 product variants across the M800, M80, M750/M730/M720, M70, E80, C80, E70, and NC Trainer2 series. CISA published the initial advisory on October 17, 2024, with subsequent updates through December 18, 2025 (Update C) expanding the affected product list and mitigations. The vulnerability carries a MEDIUM severity CVSS 3.1 score of 5.9. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor
Mitsubishi Electric Corporation
Product
M800VW (BND-2051W000-**)
CVSS
MEDIUM 5.9
CISA KEV
Not listed in stored evidence
Original CVE published
2024-10-17
Original CVE updated
2025-12-18
Advisory published
2024-10-17
Advisory updated
2025-12-18

Who should care

Manufacturing organizations using Mitsubishi Electric CNC systems for machining operations; industrial automation engineers responsible for CNC network security; OT security teams managing shop floor connectivity; system integrators deploying Mitsubishi Electric CNC solutions; asset owners with remote access capabilities to CNC equipment.

Technical summary

The vulnerability exists in the network service handling on TCP port 683 across multiple Mitsubishi Electric CNC controller families. An unauthenticated attacker can trigger a denial-of-service condition by transmitting specially crafted network packets to this port. The attack requires network accessibility to the target system but no authentication credentials. Affected systems span multiple generations of Mitsubishi Electric CNC products including the M800VW/VS, M80V/VW, M800W/S, M80/W, E80, C80, M750/730/720 series, M70V, E70, and NC Trainer2 software platforms. Firmware updates have been released to address the vulnerability, with specific version requirements varying by product line.

Defensive priority

medium

Recommended defensive actions

  • Apply firmware updates per product-specific guidance: M800VW/M800VS/M80V/M80VW to B2 or later; M800W/M800S/M80/M80W/E80 to FJ or later; C80 to BK or later; M750VW/M730VW/M720VW/M750VS/M730VS/M720VS/M70V/E70 to LH or later
  • Restrict network access to affected CNC systems using firewalls or VPNs to prevent unauthorized remote access
  • Install and maintain anti-virus software on any PCs with access to affected CNC products
  • Monitor TCP port 683 for anomalous traffic patterns indicative of exploitation attempts
  • Review and implement CISA ICS recommended practices for industrial control system security
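
One way to act on the access-restriction and port 683 monitoring items above, as an added example that is not part of the advisory or of any vendor tooling: it reviews flow records for TCP/683 connections to CNC hosts and flags sources outside approved networks and connection bursts from approved ones. The CSV record layout, all IP addresses, and the burst threshold and window are constructed assumptions; the advisory does not describe the crafted packets, so the check relies on source and rate only.

```python
import csv
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

CNC_PORT = 683  # TCP port named in the advisory

# Constructed sample flow records: timestamp,src,dst,dst_port,proto (assumed layout).
SAMPLE_FLOWS = """\
2025-01-10T08:00:01,10.20.1.15,10.20.5.10,683,tcp
2025-01-10T08:00:02,10.20.1.15,10.20.5.10,443,tcp
2025-01-10T08:03:10,192.0.2.77,10.20.5.10,683,tcp
2025-01-10T08:05:00,10.20.1.16,10.20.5.11,683,tcp
2025-01-10T08:05:01,10.20.1.16,10.20.5.11,683,tcp
2025-01-10T08:05:02,10.20.1.16,10.20.5.11,683,tcp
2025-01-10T08:05:03,10.20.1.16,10.20.5.11,683,tcp
2025-01-10T08:09:00,10.20.1.15,10.20.9.9,683,tcp
"""

def review_flows(text, cnc_hosts, allowed_nets, burst=3, window=timedelta(seconds=10)):
    """Return sorted (src, dst, reason) findings for TCP/683 flows to CNC hosts.

    Assumes records are in time order. burst/window are hypothetical tuning values.
    """
    cnc = {ipaddress.ip_address(h) for h in cnc_hosts}
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    seen = defaultdict(list)  # (src, dst) -> recent timestamps from approved sources
    findings = set()
    for ts, src, dst, port, proto in csv.reader(text.splitlines()):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto.lower() != "tcp" or int(port) != CNC_PORT or dst_ip not in cnc:
            continue  # not traffic to the affected service on an inventoried CNC host
        if not any(src_ip in n for n in nets):
            findings.add((src, dst, "source outside approved networks"))
            continue
        times = seen[(src, dst)]
        times.append(datetime.fromisoformat(ts))
        # Keep only timestamps inside the sliding window ending at this flow.
        times[:] = [t for t in times if times[-1] - t <= window]
        if len(times) > burst:
            findings.add((src, dst, "connection burst from approved source"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS, ["10.20.5.10", "10.20.5.11"], ["10.20.1.0/24"]):
        print(*finding, sep="  ")
```

Any "source outside approved networks" finding also indicates that the firewall or VPN restriction is not being enforced for that path.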

Evidence notes

Vulnerability description and affected products derived from CISA CSAF advisory ICSA-24-291-03. CVSS score and vector from official CISA source. Timeline based on CSAF revision history showing initial publication 2024-10-17, Update A 2025-02-20, Update B 2025-03-18, and Update C 2025-12-18.

Official resources

2024-10-17