CVE-2025-3699 (GCVE-0-2025-3699)
Vulnerability from cvelistv5
Published
2025-06-26 22:40
Modified
2025-07-01 19:24
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-306 - Missing Authentication for Critical Function
Summary
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
References
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jphttps://jvn.jp/vu/JVNVU96471539/
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jphttps://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jphttps://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation G-50 Version: Ver.3.37 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation G-50-W Version: Ver.3.37 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation G-50A Version: Ver.3.37 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation GB-50 Version: Ver.3.37 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation GB-50A Version: Ver.3.37 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation GB-24A Version: Ver.9.12 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation G-150AD Version: Ver.3.21 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AG-150A-A Version: Ver.3.21 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AG-150A-J Version: Ver.3.21 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation GB-50AD Version: Ver.3.21 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation GB-50ADA-A Version: Ver.3.21 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation GB-50ADA-J Version: Ver.3.21 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation EB-50GU-A Version: Ver.7.11 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation EB-50GU-J Version: Ver.7.11 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AE-200J Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AE-200A Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AE-200E Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AE-50J Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AE-50A Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation AE-50E Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation EW-50J Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation EW-50A Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation EW-50E Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation TE-200A Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation TE-50A Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation TW-50A Version: Ver.8.01 and prior
 Create a notification for this product.
   Mitsubishi Electric Corporation CMS-RMD-J Version: Ver.1.40 and prior
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T19:23:59.612308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T19:24:14.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "G-50",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.37 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G-50-W",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.37 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G-50A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.37 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GB-50",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.37 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GB-50A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.37 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GB-24A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.9.12 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G-150AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.21 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AG-150A-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.21 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AG-150A-J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.21 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GB-50AD",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.21 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GB-50ADA-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.21 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GB-50ADA-J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.21 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EB-50GU-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.7.11 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EB-50GU-J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.7.11 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AE-200J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AE-200A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AE-200E",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AE-50J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AE-50A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AE-50E",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EW-50J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EW-50A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EW-50E",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TE-200A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TE-50A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TW-50A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.8.01 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMS-RMD-J",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.40 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."
            }
          ],
          "value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T09:12:26.106Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU96471539/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2025-3699",
    "datePublished": "2025-06-26T22:40:37.915Z",
    "dateReserved": "2025-04-16T04:10:19.080Z",
    "dateUpdated": "2025-07-01T19:24:14.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3699\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2025-06-26T23:15:22.177\",\"lastModified\":\"2025-06-30T18:38:48.477\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de autenticaci\u00f3n faltante para funci\u00f3n cr\u00edtica en Mitsubishi Electric Corporation G-50 versi\u00f3n 3.37 y anteriores, G-50-W versi\u00f3n 3.37 y anteriores, G-50A versi\u00f3n 3.37 y anteriores, GB-50 versi\u00f3n 3.37 y anteriores, GB-50A versi\u00f3n 3.37 y anteriores, GB-24A versi\u00f3n 9.12 y anteriores, G-150AD versi\u00f3n 3.21 y anteriores, AG-150A-A versi\u00f3n 3.21 y anteriores, AG-150A-J versi\u00f3n 3.21 y anteriores, GB-50AD versi\u00f3n 3.21 y anteriores, GB-50ADA-A versi\u00f3n 3.21 y anteriores, GB-50ADA-J versi\u00f3n 3.21 y anteriores, EB-50GU-A versi\u00f3n 7.11 y anteriores, EB-50GU-J versi\u00f3n 7.11 y anteriores, AE-200J versi\u00f3n 8.01 y anteriores. AE-200A versi\u00f3n 8.01 y anteriores, AE-200E versi\u00f3n 8.01 y anteriores, AE-50J versi\u00f3n 8.01 y anteriores, AE-50A versi\u00f3n 8.01 y anteriores, AE-50E versi\u00f3n 8.01 y anteriores, EW-50J versi\u00f3n 8.01 y anteriores, EW-50A versi\u00f3n 8.01 y anteriores, EW-50E versi\u00f3n 8.01 y anteriores, TE-200A versi\u00f3n 8.01 y anteriores, TE-50A versi\u00f3n 8.01 y anteriores, TW-50A versi\u00f3n 8.01 y anteriores, y CMS-RMD-J versi\u00f3n 1.40 y anteriores permiten a un atacante remoto no autenticado eludir la autenticaci\u00f3n y, posteriormente, controlar ilegalmente los sistemas de aire acondicionado o divulgar informaci\u00f3n sobre ellos aprovechando esta vulnerabilidad. Adem\u00e1s, el atacante puede manipular el firmware de los sistemas utilizando la informaci\u00f3n divulgada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU96471539/\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-01T19:23:59.612308Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-01T19:24:10.274Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"G-50\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.37 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"G-50-W\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.37 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"G-50A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.37 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GB-50\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.37 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GB-50A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.37 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GB-24A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.9.12 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"G-150AD\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.21 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AG-150A-A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.21 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AG-150A-J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.21 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GB-50AD\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.21 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GB-50ADA-A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.21 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GB-50ADA-J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.3.21 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"EB-50GU-A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.7.11 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"EB-50GU-J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.7.11 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AE-200J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AE-200A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AE-200E\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AE-50J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AE-50A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"AE-50E\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"EW-50J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"EW-50A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"EW-50E\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"TE-200A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"TE-50A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"TW-50A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.8.01 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"CMS-RMD-J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.1.40 and prior\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU96471539/\", \"tags\": [\"government-resource\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"shortName\": \"Mitsubishi\", \"dateUpdated\": \"2025-06-27T09:12:26.106Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-01T19:24:14.966Z\", \"dateReserved\": \"2025-04-16T04:10:19.080Z\", \"assignerOrgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"datePublished\": \"2025-06-26T22:40:37.915Z\", \"assignerShortName\": \"Mitsubishi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.