Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2025-2399

CVE-2025-2399: Mitsubishi CNC Systems DoS Vulnerability

CVE-2025-2399 is a denial-of-service flaw in Mitsubishi Electric CNC systems that allows remote attackers to trigger an out-of-bounds read via port 683. This article covers technical details, affected versions, and mitigations.

Published:

CVE-2025-2399 Overview

CVE-2025-2399 is an Improper Validation of Specified Index, Position, or Offset in Input vulnerability (CWE-1285) affecting multiple Mitsubishi Electric CNC controller series and software tools. This vulnerability allows a remote attacker to cause an out-of-bounds read condition, resulting in denial-of-service by sending specially crafted packets to TCP port 683.

The vulnerability impacts critical industrial control systems (ICS) used in manufacturing environments, making it a significant concern for operational technology (OT) security teams. CNC controllers are essential components in automated manufacturing processes, and disruption could impact production lines.

Critical Impact

Remote attackers can disrupt CNC controller operations by sending malicious network packets to TCP port 683, causing denial-of-service conditions in industrial manufacturing environments.

Affected Products

  • Mitsubishi Electric CNC M800V Series (M800VW, M800VS)
  • Mitsubishi Electric CNC M80V Series (M80V, M80VW)
  • Mitsubishi Electric CNC M800 Series (M800W, M800S)
  • Mitsubishi Electric CNC M80 Series (M80, M80W)
  • Mitsubishi Electric CNC E80 Series (E80)
  • Mitsubishi Electric CNC C80 Series (C80)
  • Mitsubishi Electric CNC M700V Series (M750VW, M720VW, M730VW, M720VS, M730VS, M750VS)
  • Mitsubishi Electric CNC M70V Series (M70V)
  • Mitsubishi Electric CNC E70 Series (E70)
  • Mitsubishi Electric NC Trainer2 Software
  • Mitsubishi Electric NC Trainer2 plus Software

Discovery Timeline

  • 2026-03-10 - CVE-2025-2399 published to NVD
  • 2026-03-11 - Last updated in NVD database

Technical Details for CVE-2025-2399

Vulnerability Analysis

This vulnerability stems from improper validation of specified index, position, or offset values in input data processed by the affected CNC controllers and software tools. When the controllers receive network packets on TCP port 683, insufficient boundary checking allows attackers to trigger out-of-bounds read operations.

The attack can be executed remotely over the network without requiring any authentication or user interaction, though it requires high attack complexity to successfully exploit. The vulnerability exclusively impacts system availability without compromising data confidentiality or integrity.

Industrial control systems like CNC controllers typically operate in segmented networks, but improper network architecture or misconfigurations could expose TCP port 683 to unauthorized access. Successful exploitation would disrupt CNC operations, potentially halting manufacturing processes.

Root Cause

The root cause is classified under CWE-1285 (Improper Validation of Specified Index, Position, or Offset in Input). The affected firmware and software fail to properly validate index or offset values contained within incoming network packets before using them to access memory locations. This allows an attacker to specify values that reference memory outside the intended buffer boundaries, triggering an out-of-bounds read condition.

Attack Vector

The attack vector is network-based, targeting TCP port 683 on vulnerable Mitsubishi Electric CNC controllers. An attacker would craft malicious network packets containing invalid index, position, or offset values and transmit them to the target system. Upon processing these packets, the vulnerable component attempts to read from memory locations outside valid boundaries, causing the service to crash or become unresponsive.

The attack does not require authentication (PR:N) or user interaction (UI:N), but achieving reliable exploitation requires the attacker to overcome certain conditions, reflected in the high attack complexity rating. The impact is limited to availability (A:H), with no effect on confidentiality or integrity of the system.

Detection Methods for CVE-2025-2399

Indicators of Compromise

  • Unexpected network traffic targeting TCP port 683 from unauthorized sources
  • CNC controller crashes or restarts without apparent cause
  • Anomalous packet patterns or malformed data observed in network captures on TCP port 683
  • Service disruptions correlating with inbound network activity to affected controllers

Detection Strategies

  • Implement network monitoring rules to detect unusual traffic patterns targeting TCP port 683
  • Deploy intrusion detection signatures to identify malformed packets destined for CNC controllers
  • Configure alerts for unexpected CNC controller restarts or service interruptions
  • Enable deep packet inspection at network boundaries to identify exploitation attempts

Monitoring Recommendations

  • Establish baseline network traffic profiles for CNC controller communications
  • Monitor firewall and IDS/IPS logs for blocked or flagged traffic to TCP port 683
  • Implement continuous availability monitoring for CNC controller systems
  • Review system logs on affected controllers for crash events or memory access violations

How to Mitigate CVE-2025-2399

Immediate Actions Required

  • Review network architecture to ensure CNC controllers are properly segmented from untrusted networks
  • Implement firewall rules to restrict access to TCP port 683 to authorized systems only
  • Monitor for vendor patches and apply updates when available
  • Conduct asset inventory to identify all affected Mitsubishi Electric CNC controllers in the environment

Patch Information

Mitsubishi Electric has released security documentation addressing this vulnerability. Organizations should consult the Mitsubishi Electric Security Document for detailed patch information and firmware updates. Additional information is available in the JVN Vulnerability Report.

Apply vendor-provided patches according to your change management process, prioritizing systems with higher exposure risk. Coordinate firmware updates during planned maintenance windows to minimize operational impact.

Workarounds

  • Restrict network access to TCP port 683 using firewall rules, allowing connections only from trusted management systems
  • Implement network segmentation to isolate CNC controllers from untrusted network segments
  • Deploy intrusion prevention systems (IPS) with signatures to detect and block exploitation attempts
  • Consider disabling TCP port 683 if the associated functionality is not required for operations
bash
# Example firewall rule to restrict access to TCP port 683
# Allow only authorized management subnet (adjust IPs as needed)
iptables -A INPUT -p tcp --dport 683 -s 10.10.10.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 683 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne