Mitsubishi Electric CNC Series

Source: All CISA Advisories | Added:

The article discusses a vulnerability in Mitsubishi Electric's CNC Series software, specifically an uncontrolled search path element that allows for DLL hijacking, potentially enabling malicious code execution. This vulnerability affects multiple software tools and products within the CNC Series, with a CVSS score of 7.0 indicating its severity.

---

Impact: Mitsubishi Electric CNC Series products including NC Designer2, NC Designer, NC Configurator2, NC Analyzer2, NC Monitor2, NC Trainer2, and others.

In the Wild: No

Age: Newly disclosed

Remediation: Download and install fixed versions of NC Trainer2 and NC Trainer2 plus; restrict physical access, install antivirus, avoid untrusted files, and ensure no DLLs are present before running setup-launchers.

Read Full Original Article →