{"id":48993,"date":"2022-10-24T00:00:00","date_gmt":"2022-10-24T00:00:00","guid":{"rendered":"urn:uuid:2f6e6124-0772-d432-5f0b-fdf82e3381f6"},"modified":"2022-10-24T00:00:00","modified_gmt":"2022-10-24T00:00:00","slug":"uncovering-security-blind-spots-in-cnc-machines","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/","title":{"rendered":"Uncovering Security Blind Spots in CNC Machines"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-banner.jpg\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"iot,research,articles, news, reports,cyber threats\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2022-10-24\"> <meta property=\"article:tag\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines.html\"> <title>Uncovering Security Blind Spots in CNC Machines<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines.html\"><br \/>\n<meta property=\"og:title\" content=\"Uncovering Security Blind Spots in CNC Machines\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-banner.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Uncovering Security Blind Spots in CNC Machines\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-banner.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.980938528669\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1436047475\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"9.317697228145\">\n<div class=\"article-details\" role=\"heading\" readability=\"38.251599147122\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__description\">Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the doors for cybercriminals looking to abuse networked industrial equipment such as CNC machines. Our research investigates potential cyberthreats to CNC machines and how manufacturers can mitigate the associated risks.<\/p>\n<p class=\"article-details__author-by\">By: Marco Balduzzi <time class=\"article-details__date\">October 24, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"46.931467181467\">\n<div readability=\"39.521235521236\">\n<p>The Fourth Industrial Revolution, more commonly known as <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/security-in-the-era-of-industry-4-dealing-with-threats-to-smart-manufacturing-environments\" target=\"_blank\" rel=\"noopener\">Industry 4.0<\/a>, has changed the way factories operate. It has heralded the adoption of relatively novel technologies that empower companies to optimize many aspects of manufacturing, including industrial machinery such as computer numerical control (CNC) machines. These machines play a crucial role in production lines, as they wield tools on different axes that allow them to fashion complex parts with speed and precision. CNC machines can move according to their controllers\u2019 parametric programs that can be easily modified to specifications, so a machine running one program can be used to create a whole range of products.<\/p>\n<p>Under Industry 4.0, diverse pieces of manufacturing equipment like CNC machines now come with features that enable network integration and smart connectivity, resulting in reduced downtime and faster turnaround times for manufacturers. But innovation cuts both ways: As they become the norm, <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/a-look-into-smart-factories-a-model-of-iiot-innovation\" target=\"_blank\" rel=\"noopener\">connected factories<\/a> inadvertently become appealing targets for cyberattackers looking to sabotage the operations of, steal valuable data from, or spy on smart manufacturing environments. It\u2019s therefore vital for manufacturers to be aware of any dangers that could arise from the interconnectivity of industrial machinery.<\/p>\n<p>In our research, we carried out a range of attack scenarios against CNC controllers using both simulations and real-world machine installations. We conducted our tests on CNC controllers from four vendors that we selected for their worldwide reach and extensive market experience, or for developing technologies that are widely used in the manufacturing industry. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the Cybersecurity and Infrastructure Security Agency (CISA) also provided us with invaluable assistance as a liaison during our discussion with these vendors. As part of our thorough disclosure process, we reached out to the affected vendors in a timely manner, contacting the first back in November 2021. Since then, all of the vendors have taken steps to provide their end users with more secure solutions by improving their documentation, their communication with their respective machine manufacturers, or bettering their security posture by patching vulnerabilities and adding more security features to their offerings. We shared with these vendors the findings from our research, through which we identified various attack classes. In this blog entry, we discuss several potential attacks that fall under these classes, as detailed in Table 1.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\" readability=\"6\"> <center readability=\"2\"><\/p>\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"608\">\n<tbody readability=\"8\">\n<tr>\n<td width=\"89\" valign=\"top\"><b>Attack class<\/b><\/td>\n<td width=\"138\" valign=\"top\"><b>Attack <\/b><\/td>\n<td width=\"72\" valign=\"top\"><b>Haas <\/b><\/td>\n<td width=\"96\" valign=\"top\"><b>Okuma<\/b><\/td>\n<td width=\"86\" valign=\"top\"><b>Heidenhain<\/b><\/td>\n<td width=\"64\" valign=\"top\"><b>Fanuc<\/b><\/td>\n<td width=\"63\" valign=\"top\"><b>Total<\/b><\/td>\n<\/tr>\n<tr>\n<td width=\"89\" valign=\"top\">Compromise<\/td>\n<td width=\"138\" valign=\"top\">Remote code execution<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\" valign=\"top\">3<\/td>\n<\/tr>\n<tr>\n<td width=\"89\" rowspan=\"5\" valign=\"top\">Damage<\/td>\n<td width=\"138\">Disabling feed hold<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">&nbsp;<\/td>\n<td width=\"86\" valign=\"top\">&nbsp;<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\">1<\/td>\n<\/tr>\n<tr>\n<td width=\"138\">Disabling single step<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">&nbsp;<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\">2<\/td>\n<\/tr>\n<tr>\n<td width=\"138\">Increasing the tool life<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\">3<\/td>\n<\/tr>\n<tr>\n<td width=\"138\">Increasing the tool load<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">&nbsp;<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\">3<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"138\" valign=\"top\">Changing the tool geometry<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">4<\/td>\n<\/tr>\n<tr>\n<td width=\"89\" rowspan=\"6\" valign=\"top\">Denial of service<\/td>\n<td width=\"138\">Decreasing the tool life<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\">3<\/td>\n<\/tr>\n<tr>\n<td width=\"138\" valign=\"top\">Decreasing the tool load<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">&nbsp;<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">3<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"138\" valign=\"top\">Changing the tool geometry<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">4<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"138\" valign=\"top\">DoS via parametric program<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">4<\/td>\n<\/tr>\n<tr>\n<td width=\"138\" valign=\"top\">Triggering custom alarms<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">&nbsp;<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\" valign=\"top\">2<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"138\" valign=\"top\">Ransomware<\/td>\n<td width=\"72\" valign=\"top\">\u221a (network share)<\/td>\n<td width=\"96\" valign=\"top\">\u221a (network share or THINC API)<\/td>\n<td width=\"86\" valign=\"top\">\u221a (network share)<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\" valign=\"top\">3<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"89\" rowspan=\"3\" valign=\"top\">Hijacking<\/td>\n<td width=\"138\" valign=\"top\">Changing the tool geometry<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">4<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"138\" valign=\"top\">Hijacking a parametric program<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">4<\/td>\n<\/tr>\n<tr>\n<td width=\"138\">Program rewrite<\/td>\n<td width=\"72\" valign=\"top\">&nbsp;<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\">3<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"89\" rowspan=\"3\" valign=\"top\">Data theft<\/td>\n<td width=\"138\" valign=\"top\">Theft of production information<\/td>\n<td width=\"72\" valign=\"top\">\u221a<\/td>\n<td width=\"96\" valign=\"top\">\u221a<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">\u221a<\/td>\n<td width=\"63\" valign=\"top\">4<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td width=\"138\" valign=\"top\">Theft of program code<\/td>\n<td width=\"72\" valign=\"top\">&nbsp;<\/td>\n<td width=\"96\" valign=\"top\">\u221a (MTConnect or THINC API)<\/td>\n<td width=\"86\" valign=\"top\">\u221a (DNC)<\/td>\n<td width=\"64\" valign=\"top\">\u221a (FOCAS)<\/td>\n<td width=\"63\" valign=\"top\">3<\/td>\n<\/tr>\n<tr>\n<td width=\"138\">Theft via screenshots<\/td>\n<td width=\"72\" valign=\"top\">&nbsp;<\/td>\n<td width=\"96\" valign=\"top\">&nbsp;<\/td>\n<td width=\"86\" valign=\"top\">\u221a<\/td>\n<td width=\"64\" valign=\"top\">&nbsp;<\/td>\n<td width=\"63\">1<\/td>\n<\/tr>\n<tr>\n<td width=\"89\" valign=\"top\">&nbsp;<\/td>\n<td width=\"138\" valign=\"top\"><b>Total<\/b><\/td>\n<td width=\"72\" valign=\"top\">15<\/td>\n<td width=\"96\" valign=\"top\">14<\/td>\n<td width=\"86\" valign=\"top\">15<\/td>\n<td width=\"64\" valign=\"top\">10<\/td>\n<td width=\"63\" valign=\"top\">&nbsp;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span class=\"rte-icon-component-text\">Table 1. A summary of the attacks we identified in our research<\/span><\/p>\n<p><\/center> <\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<h2><span class=\"body-subhead-title\">Attacks that could cause damage<\/span><\/h2>\n<p>The tools used by CNC machines are measured for their geometry, such as their length and radius, to make sure these tools are suited to producing a specific piece. These measurements are taken by human operators or are done automatically during a CNC machine\u2019s tuning phase. However, tampering with these measurements is one way in which malicious actors could cause damage to the machine itself, its parts, or the piece it\u2019s working on. We found that all four CNC controller vendors that were part of this research were susceptible to this kind of attack. In one attack scenario, we created a 3D-printed plastic tool to demonstrate how a CNC machine\u2019s tool could crash against the raw piece it\u2019s working on because of negative overflow, after we set the CNC controller\u2019s wear value to \u201310 mm (Figure 1).&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-01.png\" alt=\"Figure 1. The 3D-printed tool we printed in plastic for our experiment (top), which crashed against the raw material (bottom)\"><figcaption>Figure 1. The 3D-printed tool we printed in plastic for our experiment (top), which crashed against the raw material (bottom)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"48.78527607362\">\n<div readability=\"42.811568799299\">\n<h2><span class=\"body-subhead-title\">Denial-of-service attacks<\/span><\/h2>\n<p>In this section, we discuss threat scenarios in which attackers attempt to drive down a manufacturer\u2019s efficiency by sabotaging its production process. Of the attack classes outlined in our research, the denial-of-service (DoS) category has the largest number of potential attacks, including:<\/p>\n<p><b>Triggering custom alarms<\/b><\/p>\n<p>False alarms are another way malicious actors could disrupt the manufacturing process. CNC machines have built-in alarms that warn of faulty conditions in hardware, but they can also be configured with custom alarms for errors in software. When these alarms are set off, the CNC machine stops operating and needs a human operator\u2019s intervention to continue. An attacker who has infiltrated a connected factory could trigger these software-related alarms, abruptly interrupting production. CNC controllers from two vendors involved in this research were exposed to this attack.<\/p>\n<p><b>Changing the tool geometry<\/b><\/p>\n<p>A CNC machine\u2019s tool geometry gradually changes; its cutting edge, for one, becomes duller from continuous use. A CNC machine uses the \u201cwear\u201d parameter to compensate for such changes over time and reposition the tool so it can maintain the quality of the pieces in production. Malicious actors could mount different kinds of attacks, including DoS, by simply altering a tool\u2019s geometry. For example, an attacker could configure a vertical milling machine\u2019s wear parameter to be more than the length of the tool itself, which would instruct the mill to operate in midair, unable to touch the piece. Our tests revealed that CNC controllers from all four vendors that we tested were exposed to this kind of attack.<\/p>\n<p><b>Ransomware<\/b><\/p>\n<p>Not even CNC machines are immune to <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/ransomware\" target=\"_blank\" rel=\"noopener\">ransomware<\/a> attacks. In one scenario, malicious actors could lock down a CNC machine or encrypt its files, effectively stopping production until the manufacturer meets their demands. Attackers could carry out a ransomware attack by using an unauthenticated network share to access a CNC machine\u2019s files, abusing a malicious application to make operating system calls, or planting a script in a machine to lock its screen (Figure 2). Our results showed that machines from three of the four controller vendors that we tested were at risk of ransomware attacks.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-02-2.png\" alt=\"Figure 2. A Visual Basic script used to lock a CNC machine\u2019s screen as part of our simulated ransomware attack\"><figcaption>Figure 2. A Visual Basic script used to lock a CNC machine\u2019s screen as part of our simulated ransomware attack<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37\">\n<div readability=\"19\">\n<h2><span class=\"body-subhead-title\">Hijacking<\/span><\/h2>\n<p>Attackers seeking to control the production process could do so by hijacking a CNC controller. There are different ways malicious actors could carry out hijacking attacks, such as:<\/p>\n<p><b>Changing the tool geometry<\/b><\/p>\n<p>In this kind of attack, a malicious actor with extensive knowledge of the manufacturing process could seize control of a CNC controller to misconfigure its tool geometry in such a way that would lead to micro-defects in produced pieces. As part of an attack scenario, we developed a program instructing a CNC machine to engrave traces 5.05 mm deep in a piece of raw metal and were able to conduct attacks that modified the program\u2019s wear parameters so that the CNC machine makes engravings that were only 4.80 mm in depth (Figure 3). Flaws such as this would be so minimal that they might slip past quality control measures, resulting in a costly product recall or a blow to the reputation of a manufacturing company. We found that all four CNC controller vendors that we tested were at risk of this kind of hijacking attack.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-03.png\" alt=\"Figure 3. The correct engraving measurement as indicated by the caliper (left) and the defective engraving as shown by the caliper (right)\"><figcaption>Figure 3. The correct engraving measurement as indicated by the caliper (left) and the defective engraving as shown by the caliper (right)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p><b>Hijacking parametric programs<\/b><\/p>\n<p>Another way a malicious actor could introduce defects in pieces is by hijacking a CNC controller\u2019s parametric program. To do this, an attacker would need to set a program\u2019s variables to an arbitrary value, which would alter the pieces in a way that would fail to meet product specifications.&nbsp;For example, we simulated such an attack on a CNC controller and were able to modify a parametric program designed to make a tool drill two holes (Figure 5) and instruct the tool to instead drill 25 holes (Figure 6). Machines from all four vendors involved in this research were vulnerable to this kind of attack.&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-04-2.png\" alt=\"Figure 4. A parametric program executing two holes as part of a legitimate operation\"><figcaption>Figure 4. A parametric program executing two holes as part of a legitimate operation<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-05-2.png\" alt=\"Figure 5. The same parametric program executing 25 holes after a hijacking attack\"><figcaption>Figure 5. The same parametric program executing 25 holes after a hijacking attack<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37\">\n<div readability=\"19\">\n<h2><span class=\"body-subhead-title\">Data theft<\/span><\/h2>\n<p>There\u2019s a wealth of data in CNC controllers that might attract the attention of malicious actors, who could attempt to access this information by various means. These attacks include:<\/p>\n<p><b>Theft of program code<\/b><\/p>\n<p>The programs used to maneuver CNC machines are among a manufacturer\u2019s most sensitive intellectual property, as these contain the details of how to make a specific part. Attackers could remotely access a program that a CNC controller is running by way of an unprotected network that the CNC controller is connected to, or by installing a malicious application in the machine\u2019s controller. And because they\u2019re written in G-code and are not compiled, these programs are easy to reverse-engineer. In one of our experiments, we found that an exposed MTConnect interface used to monitor CNC machines might also be abused by attackers, who could pool this service to pilfer the source code of a CNC controller&#8217;s executed program (Figure 6). Three of the four vendors that we tested were vulnerable to this attack.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-06.png\" alt=\"Figure 6. Dumping of the executed program\u2019s source code via an unauthenticated and exposed MTConnect agent\"><figcaption>Figure 6. Dumping of the executed program\u2019s source code via an unauthenticated and exposed MTConnect agent<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p><b>Theft of production information<\/b><\/p>\n<p>CNC controllers contain valuable information that help manufacturers cut down costs and remotely track their production processes. This includes what work programs, tools, and production rates are involved in the manufacturing of a specific piece. An attacker, for example, could extract all this data from a CNC controller using dedicated calls that require no authentication or have any resource access controls (Figure 7). We were able to conduct this kind of attack on CNC controllers from all four vendors that we tested.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-07.png\" alt=\"Figure 7. An example of production data leaked from a CNC machine installation during our testing\"><figcaption>Figure 7. An example of production data leaked from a CNC machine installation during our testing<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.051693404635\">\n<div readability=\"16.299465240642\">\n<h2><span class=\"body-subhead-title\">Shoring up CNC machines\u2019 defenses against cyberthreats<\/span><\/h2>\n<p>Manufacturing companies stand to gain competitive advantage from harnessing emerging technologies as part of their digital transformation. But in doing so, they could also broaden their attack surface, giving cybercriminals more opportunities to strike. To thwart the threats that come with digitizing production lines, these companies can turn to best practices such as the following for their CNC controllers:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Installing industrial intrusion prevention and detection systems (IPS\/IDSs), which can help manufacturers detect malicious activity in their networks by monitoring traffic in real time.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Segmenting networks, which can effectively limit access privileges to only users who need them, like end users and operators of CNC machines. Standard security technologies like virtual local area networks (VLANs) and firewalls go a long way toward lessening the exposure of CNC machines\u2019 interfaces from unauthorized access.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Keeping the software, services, and applications that CNC machines use up to date with <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/security-101-virtual-patching\" target=\"_blank\" rel=\"noopener\">the latest patches<\/a>, which helps deter malicious actors from exploiting vulnerabilities.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Correctly configuring CNC machines according to the controller vendor&#8217;s guidelines and advisories, such as its recommendations regarding enabling encryption and authentication where applicable.<\/span><\/li>\n<\/ul>\n<p>We&#8217;ll present this research at&nbsp;<a href=\"https:\/\/www.icscybersecurityconference.com\/?utm_source=bw&amp;utm_medium=release&amp;utm_campaign=pr\" target=\"_blank\" rel=\"noopener\">the Industrial Control Systems (ICS) Cyber Security Conference<\/a> in Atlanta this month and at&nbsp;<a href=\"https:\/\/www.blackhat.com\/eu-22\/\" target=\"_blank\" rel=\"noopener\">Black Hat Europe<\/a> in London in December. Learn more about our technical analysis of the security posture of CNC machines in our research paper&nbsp;<a href=\"https:\/\/research.trendmicro.com\/cncmachinesecurity\" target=\"_blank\" rel=\"noopener\">\u201cThe Security Risks Faced by CNC Machines in Industry 4.0.\u201d<\/a><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the doors for cybercriminals looking to abuse networked industrial equipment such as CNC machines. Our research investigates potential cyberthreats to CNC machines and how manufacturers can mitigate the associated risks. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":48994,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9511,9514,9509],"class_list":["post-48993","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-iot","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Uncovering Security Blind Spots in CNC Machines 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Uncovering Security Blind Spots in CNC Machines 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-24T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-banner.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Uncovering Security Blind Spots in CNC Machines\",\"datePublished\":\"2022-10-24T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/\"},\"wordCount\":1991,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/uncovering-security-blind-spots-in-cnc-machines.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : IoT\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/\",\"name\":\"Uncovering Security Blind Spots in CNC Machines 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/uncovering-security-blind-spots-in-cnc-machines.png\",\"datePublished\":\"2022-10-24T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/uncovering-security-blind-spots-in-cnc-machines.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/uncovering-security-blind-spots-in-cnc-machines.png\",\"width\":761,\"height\":1141},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/uncovering-security-blind-spots-in-cnc-machines\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Uncovering Security Blind Spots in CNC Machines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Uncovering Security Blind Spots in CNC Machines 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/","og_locale":"en_US","og_type":"article","og_title":"Uncovering Security Blind Spots in CNC Machines 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-10-24T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/j\/uncovering-security-blind-spots-in-cnc-machines\/CNC-Machines-102022-banner.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Uncovering Security Blind Spots in CNC Machines","datePublished":"2022-10-24T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/"},"wordCount":1991,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/uncovering-security-blind-spots-in-cnc-machines.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : IoT","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/","url":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/","name":"Uncovering Security Blind Spots in CNC Machines 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/uncovering-security-blind-spots-in-cnc-machines.png","datePublished":"2022-10-24T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/uncovering-security-blind-spots-in-cnc-machines.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/uncovering-security-blind-spots-in-cnc-machines.png","width":761,"height":1141},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/uncovering-security-blind-spots-in-cnc-machines\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Uncovering Security Blind Spots in CNC Machines"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48993"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48993\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48994"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}