Mitsubishi Electric has reported a critical vulnerability affecting a range of its electrical discharge machines (EDMs), identified under CVE-2024-32041. This vulnerability is present in the Microsoft Message Queuing service used by these machines and can lead to improper input validation, enabling attackers to potentially disclose, tamper with, destroy, or delete information, or even cause a denial-of-service condition. The vulnerability has been given a high severity rating of 9.3 on the CVSS v4 scale, indicating its serious potential impact. The affected products span several series of Mitsubishi’s wire-cut and sinker EDMs, including the MV, MP, MX, SV-P, and SG series, specifically those running on outdated versions prior to the Special Modification Patch BRD-C62W003-A0.
The issue spans across a broad spectrum of models and series, which have been widely deployed in critical manufacturing sectors globally. Without the Special Modification Patch BRD-C62W003-A0, these systems are vulnerable to exploitation. The affected models are used worldwide and play a critical role in various manufacturing processes, making the potential exploitation of this vulnerability a significant industrial concern. Mitsubishi Electric’s headquarters in Japan and the wide deployment of these systems underscore the global scale and importance of addressing this security flaw promptly.
In response to the discovery of the vulnerability, Mitsubishi Electric has recommended specific mitigations to protect the affected EDMs. Customers are urged to install the Special Modification Patch BRD-C62W003-A0 to close the security loophole effectively. Additional recommended security measures include using firewalls and virtual private networks (VPNs) to prevent unauthorized access, especially when internet access is required, and restricting physical access to the affected products and related network devices.
Mitsubishi Electric’s proactive approach in reporting the vulnerability to CISA and their swift provision of mitigations highlight their commitment to customer safety and security. However, the situation serves as a reminder of the ongoing cybersecurity risks faced by industrial sectors and the critical need for constant vigilance and timely updates in technological systems. As digital integration deepens in manufacturing and other critical sectors, the emphasis on securing industrial control systems from emerging cyber threats becomes increasingly paramount.
