CVE-2024-7316

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric M800V/M80V Series versions (affected versions not specified) Mitsubishi Electric M800/M80/E80 Series versions (affected versions not specified) Mitsubishi Electric C80 Series versions (affected versions not specified) Mitsubishi Electric M700V/M70V/E70 Series versions (affected versions not specified) Mitsubishi Electric CNC Series versions (affected versions not specified) Mitsubishi Electric Software Tools versions (affected versions not specified)

Description: The issue is related to improper validation of specified quantity in input, which can be exploited by a remote attacker to cause a Denial of Service (DoS) condition. This can be achieved by sending specially crafted TCP packets to port 683, potentially leading to an emergency stop. The estimated number of potentially affected devices worldwide is not available.

Recommendations: For Mitsubishi Electric M800V/M80V Series, consider restricting access to TCP port 683 until a patch is available. For Mitsubishi Electric M800/M80/E80 Series, avoid using the vulnerable input validation mechanism until the issue is resolved. For Mitsubishi Electric C80 Series, restrict access to the emergency stop function until a fix is provided. For Mitsubishi Electric M700V/M70V/E70 Series, consider disabling the remote access feature to minimize the risk of exploitation. For Mitsubishi Electric CNC Series, as a temporary workaround, consider disabling the TCP port 683 interface until a patch is available. For Mitsubishi Electric Software Tools, at the moment, there is no information about a newer version that contains a fix for this vulnerability.