586,113 active members*
3,724 visitors online*
Register for free
Login Register
Siemens Digital Industries Software Forum

Where today meets tomorrow.

Citizen Cincom L20(2Mx) Lathe, possible DoS vulnerability
  • 10-15-2021, 12:58 PM
    kibernetika
    Citizen Cincom L20(2Mx) Lathe, possible DoS vulnerability
    I work in a hybrid position, using this machine for production, but also engineering workshop network.
    While this might seem not too relevant to many people, but I like the idea of properly networking CNC
    machines with General Purpose computers, and while Citizen machines seems to lack a lot in this field,
    compared to something like Haas, as well as it lacks proper clear information about the machines themselves,

    doing occasional LAN network scan I seem to have frozen the Lathe and impaired it's production in few different
    ways, when machine was scanned. One time it froze another time it came up with weird errors and needed reboot,
    as for now I can only guess for what operating system that Lathe uses, but it is very likely some ancient windows
    based.

    Even if their "official" solution for moving programs to Lathe is kinda half century old and rigid, I would at least like
    to use that to move programs as its much easier to edit and review them on the computer with customized syntax
    highlighting. And as far as it seems, from Site Reliability Engineering point of view I suggest to connect such machine
    directly to a computer via separate NIC as otherwise production seems to be easy to DoS.

    I however do not have additional information as I cannot afford to keep freezing the box as it has to TURN.
  • 08-22-2022, 06:18 AM
    ViktorasCNC
    Re: Citizen Cincom L20(2Mx) Lathe, possible DoS vulnerability
    Quote:

    Originally Posted by kibernetika View Post
    I work in a hybrid position, using this machine for production, but also engineering workshop network.
    While this might seem not too relevant to many people, but I like the idea of properly networking CNC
    machines with General Purpose computers, and while Citizen machines seems to lack a lot in this field,
    compared to something like Haas, as well as it lacks proper clear information about the machines themselves,

    doing occasional LAN network scan I seem to have frozen the Lathe and impaired it's production in few different
    ways, when machine was scanned. One time it froze another time it came up with weird errors and needed reboot,
    as for now I can only guess for what operating system that Lathe uses, but it is very likely some ancient windows
    based.

    Even if their "official" solution for moving programs to Lathe is kinda half century old and rigid, I would at least like
    to use that to move programs as its much easier to edit and review them on the computer with customized syntax
    highlighting. And as far as it seems, from Site Reliability Engineering point of view I suggest to connect such machine
    directly to a computer via separate NIC as otherwise production seems to be easy to DoS.

    I however do not have additional information as I cannot afford to keep freezing the box as it has to TURN.


    I've lost the OP account when I switched jobs, but now I can see that my post lacked information. I was writing about a swiss machine with Mitsubishi Controller.

    And here it goes, some actual expert discovers it some months later. Hehe ;)

    https://nvd.nist.gov/vuln/detail/CVE-2022-25161