CVE-2025-8531 (GCVE-0-2025-8531)
Vulnerability from cvelistv5
Published
2025-09-19 09:30
Modified
2025-09-19 11:46
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Summary
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. "24082" to "27081" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled.
References
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jphttps://jvn.jp/vu/JVNVU97846038/
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jphttps://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q04UDVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q06UDVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q13UDVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q26UDVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q04UDPVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q06UDPVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q13UDPVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
   Mitsubishi Electric Corporation MELSEC-Q Series Q26UDPVCPU Version: The first 5 digits of serial No. "24082" to "27081"
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8531",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T11:46:02.489151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T11:46:19.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"24082\" to \"27081\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled."
            }
          ],
          "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-Service (DoS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T09:30:21.832Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU97846038/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2025-8531",
    "datePublished": "2025-09-19T09:30:21.832Z",
    "dateReserved": "2025-08-04T08:24:14.341Z",
    "dateUpdated": "2025-09-19T11:46:19.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-8531\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2025-09-19T10:15:36.807\",\"lastModified\":\"2025-09-19T16:00:27.847\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-130\"}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU97846038/\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8531\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-19T11:46:02.489151Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-19T11:46:07.016Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial-of-Service (DoS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q03UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q04UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q06UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q13UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q26UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q04UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q06UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q13UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q26UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\"\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU97846038/\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \\\"24082\\\" to \\\"27081\\\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-130\", \"description\": \"CWE-130 Improper Handling of Length Parameter Inconsistency\"}]}], \"providerMetadata\": {\"orgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"shortName\": \"Mitsubishi\", \"dateUpdated\": \"2025-09-19T09:30:21.832Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-8531\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-19T11:46:19.666Z\", \"dateReserved\": \"2025-08-04T08:24:14.341Z\", \"assignerOrgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"datePublished\": \"2025-09-19T09:30:21.832Z\", \"assignerShortName\": \"Mitsubishi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.