CVE-2025-2399 PUBLISHED

Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series

Assigner: Mitsubishi
Reserved: 17.03.2025 Published: 10.03.2026 Updated: 10.03.2026

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 5.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M800V Series M800VW
Versions	Default: unaffected Version System Number BND-2051W000 versions BB and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M800V Series M800VS
Versions	Default: unaffected Version System Number BND-2052W000 versions BB and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M80V Series M80V
Versions	Default: unaffected Version System Number BND-2053W000 versions BB and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M80V Series M80VW
Versions	Default: unaffected Version System Number BND-2054W000 versions BB and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M800 Series M800W
Versions	Default: unaffected Version System Number BND-2005W000 versions FM and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M800 Series M800S
Versions	Default: unaffected Version System Number BND-2006W000 versions FM and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M80 Series M80
Versions	Default: unaffected Version System Number BND-2007W000 versions FM and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M80 Series M80W
Versions	Default: unaffected Version System Number BND-2008W000 versions FM and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC E80 Series E80
Versions	Default: unaffected Version System Number BND-2009W000 versions FM and prior is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC C80 Series C80
Versions	Default: unaffected Version System Number BND-2036W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M700V Series M750VW
Versions	Default: unaffected Version System Number BND-1015W002 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M700V Series M720VW
Versions	Default: unaffected Version System Number BND-1015W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M700V Series M730VW
Versions	Default: unaffected Version System Number BND-1015W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M700V Series M720VS
Versions	Default: unaffected Version System Number BND-1012W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M700V Series M730VS
Versions	Default: unaffected Version System Number BND-1012W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M700V Series M750VS
Versions	Default: unaffected Version System Number BND-1012W002 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC M70V Series M70V
Versions	Default: unaffected Version System Number BND-1018W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC E70 Series E70
Versions	Default: unaffected Version System Number BND-1022W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC Software Tools NC Trainer2
Versions	Default: unaffected Version System Number BND-1802W000 all versions is affected

Vendor	Mitsubishi Electric Corporation
Product	Mitsubishi Electric CNC Software Tools NC Trainer2 plus
Versions	Default: unaffected Version System Number BND-1803W000 all versions is affected

References

Problem Types

CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input CWE

Impacts

Denial of Service (DoS)