CVE-2025-2399

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric CNC M800V Series versions M800VW and M800VS Mitsubishi Electric CNC M80V Series versions M80V and M80VW Mitsubishi Electric CNC M800 Series versions M800W and M800S Mitsubishi Electric CNC M80 Series versions M80 and M80W Mitsubishi Electric CNC E80 Series version E80 Mitsubishi Electric CNC C80 Series version C80 Mitsubishi Electric CNC M700V Series versions M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS Mitsubishi Electric CNC M70V Series version M70V Mitsubishi Electric CNC E70 Series version E70 Mitsubishi Electric Software Tools NC Trainer2 Mitsubishi Electric Software Tools NC Trainer2 plus

Description An improper validation of specified index, position, or offset in input exists in the software. This allows a remote attacker to cause an out-of-bounds read, leading to a denial-of-service condition. The attack is carried out by sending specially crafted packets to TCP port 683.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.