PatchSiren cyber security CVE debrief
CVE-2016-2542 Mitsubishi Electric CVE debrief
CVE-2016-2542 covers a DLL hijacking issue caused by an uncontrolled search path element in Flexera InstallShield components used by multiple Mitsubishi Electric CNC Series software tools. The CISA CSAF advisory was first published on 2025-07-24 and later updated on 2026-01-29; it lists 19 affected products, with fixed versions for only some products and no planned fixed versions for several others.
- Vendor: Mitsubishi Electric
- Product: NC Designer2
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-24
- Original CVE updated: 2026-01-29
- Advisory published: 2025-07-24
- Advisory updated: 2026-01-29
Who should care
OT/ICS operators, plant engineers, and IT administrators running Mitsubishi Electric CNC software on Windows systems should review this advisory. Security teams supporting engineering workstations, maintenance laptops, or shared computers used to install or launch the affected tools should also prioritize it.
Technical summary
The issue is a CWE-427 uncontrolled search path element that can enable malicious code execution through DLL hijacking. The supplied CVSS v3.1 vector is AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack conditions, high attack complexity, and user interaction requirements. The advisory attributes the issue to Flexera InstallShield behavior used in several Mitsubishi Electric CNC-related products and provides product-specific fixes for NC Trainer2, NC Trainer2 plus, Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224), and NC Virtual Simulator, while stating that several other affected products have no planned fixed version.
Defensive priority
High for systems that install, launch, or maintain the affected Mitsubishi Electric CNC tools, especially shared or operator-facing Windows workstations; moderate elsewhere because the attack requires local access and user interaction.
Recommended defensive actions
- Inventory all installed Mitsubishi Electric CNC Series products listed in the advisory and compare them against the affected versions.
- Upgrade NC Trainer2 to version AC or later.
- Upgrade NC Trainer2 plus to version AC or later.
- Upgrade Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224) to version A9 or later.
- Upgrade NC Virtual Simulator to version A5 or later.
- For products with no planned fixed version, apply the vendor mitigations: restrict physical access, install antivirus software, avoid opening untrusted files or links, and do not run setup-launchers from untrusted or non-trusted sources.
- Before running any setup-launcher, verify that no DLL is present in the folder containing the launcher executable, as directed by the vendor advisory and mitigation guidance.
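The folder check from the last item, as an added PowerShell example (not vendor or CISA tooling). The launcher path `C:\Staging\setup.exe` is a constructed placeholder and `Test-LauncherFolder` is a hypothetical helper name.

```powershell
# Added example: pre-launch check for DLLs sitting beside a setup launcher.
# Assumption: the operator supplies the launcher path; the path below is constructed.
function Test-LauncherFolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$LauncherPath
    )

    # Fail early if the launcher itself is missing or the path is wrong.
    $launcher = Get-Item -LiteralPath $LauncherPath -ErrorAction Stop
    $folder   = $launcher.DirectoryName

    # -Force includes hidden and system files, which a plain directory listing omits.
    $dlls = Get-ChildItem -LiteralPath $folder -File -Force |
        Where-Object { $_.Extension -ieq '.dll' }

    foreach ($dll in $dlls) {
        # Signature and hash are recorded for triage only; any DLL here is a finding.
        $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
        [pscustomobject]@{
            Name          = $dll.Name
            Hidden        = [bool]($dll.Attributes -band [IO.FileAttributes]::Hidden)
            LastWriteTime = $dll.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
            Signature     = $sig.Status
            Signer        = $sig.SignerCertificate.Subject
        }
    }
}

# Wrap in @() so a single result still has a usable .Count.
$found = @(Test-LauncherFolder -LauncherPath 'C:\Staging\setup.exe')
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize
    Write-Warning 'DLL(s) present beside the launcher; do not run it until each one is explained.'
} else {
    Write-Output 'No DLL in the launcher folder.'
}
```

A valid signature on a listed DLL does not clear it: the mitigation quoted above is that no DLL be present in the launcher's folder at all.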
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-205-01 (published 2025-07-24, updated 2026-01-29) and its referenced remediation guidance. The advisory explicitly describes a malicious code execution vulnerability via DLL hijacking caused by an uncontrolled search path element (CWE-427) in Flexera InstallShield used by Mitsubishi Electric CNC Series software tools. It also lists 19 affected products, product-specific fixed versions for some items, and states that several products have no planned fixed version. The supplied CVSS v3.1 vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The enrichment indicates the issue is not in CISA KEV.
Official resources
- CVE-2016-2542 CVE record (CVE.org)
- CVE-2016-2542 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in CSAF advisory ICSA-25-205-01 on 2025-07-24, with an update/republication on 2026-01-29. This debrief uses the advisory publication timeline rather than the CVE identifier year for timing context.