icsa-25-128-03
Vulnerability from csaf_cisa
Published
2025-05-08 06:00
Modified
2025-10-09 06:00
Summary
Mitsubishi Electric Multiple FA Products (Update A)
Notes
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected products.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Japan
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
{
"document": {
"acknowledgments": [
{
"organization": "Mitsubishi Electric",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected products. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-128-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-128-03.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-128-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-128-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Mitsubishi Electric Multiple FA Products (Update A)",
"tracking": {
"current_release_date": "2025-10-09T06:00:00.000000Z",
"generator": {
"date": "2025-10-08T19:55:30.298234Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-128-03",
"initial_release_date": "2025-05-08T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-05-08T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-10-09T06:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Update to Affected products, Impact, Countermeasures for Customers, Countermeasures for Products have been revised. The affected products RJ71GN11-T2, RJ71GN11-EIP, RJ71GN11-SX, RJ71EN71, NZ2GACP610-60 and NZ2KT-NPETNG51 have been added."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN2S1-32D/32T/32TE/32DT/32DTE: \u003c=09",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN2S1-32D/32T/32TE/32DT/32DTE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN2B1-32D/32T/32TE/32DT/32DTE: \u003c=09",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN2B1-32D/32T/32TE/32DT/32DTE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GNCF1-32D/32T: \u003c=09",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GNCF1-32D/32T"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GNCE3-32D/32DT: \u003c=09",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GNCE3-32D/32DT"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN12A4-16D/16DE: \u003c=09",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN12A4-16D/16DE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN12A2-16T/16TE: \u003c=09",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN12A2-16T/16TE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN12A42-16DT/16DTE: \u003c=09",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN12A42-16DT/16DTE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN2S1-16D/16T/16TE: \u003c=09",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN2S1-16D/16T/16TE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=09",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote I/O module NZ2GN2B1-16D/16T/16TE: \u003c=09",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote I/O module NZ2GN2B1-16D/16T/16TE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=07",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4: \u003c=07",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=07",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4: \u003c=07",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=07",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Digital-Analog Converter module NZ2GN2S-60DA4: \u003c=07",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Digital-Analog Converter module NZ2GN2S-60DA4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=07",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4: \u003c=07",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4"
},
{
"branches": [
{
"category": "product_version",
"name": "01",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN FPGA module NZ2GN2S-D41P01/D41D01/D41PD02: 01",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN FPGA module NZ2GN2S-D41P01/D41D01/D41PD02"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.08J",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300/60: \u003c=1.08J",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300/60"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=26",
"product": {
"name": "Mitsubishi Electric MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2: \u003c=26",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=10",
"product": {
"name": "Mitsubishi Electric MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIP: \u003c=10",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=05",
"product": {
"name": "Mitsubishi Electric MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SX: \u003c=05",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=85",
"product": {
"name": "Mitsubishi Electric MELSEC iQ-R Series Ethernet Interface Module RJ71EN71: \u003c=85",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "MELSEC iQ-R Series Ethernet Interface Module RJ71EN71"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=05",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN master/local Station Communication LSI CP610 NZ2GACP610-60: \u003c=05",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN master/local Station Communication LSI CP610 NZ2GACP610-60"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=05",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN master/local Station Communication LSI CP610 NZ2KT-NPETNG51: \u003c=05",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN master/local Station Communication LSI CP610 NZ2KT-NPETNG51"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-3511",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "A remote attacker could cause a denial-of-service (DoS) condition in the products by sending specially crafted UDP packets. The threat arises when the affected product does not receive a valid UDP packet within 3 seconds after receiving a specially crafted UDP packet or when the affected product receives a specially crafted UDP packet from a remote attacker. A system reset of the product is required for recovery.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3511"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric recommends that users update to the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN2S1-32D/32T/32TE/32DT/32DTE: Versions 10 or later",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN2B1-32D/32T/32TE/32DT/32DTE: Versions 10 or later",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GNCF1-32D/32T: Versions 10 or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GNCE3-32D/32DT: Versions 10 or later",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN12A4-16D/16DE: Versions 10 or later",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN12A2-16T/16TE: Versions 10 or later",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN12A42-16DT/16DTE: Versions 10 or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN2S1-16D/16T/16TE: Versions 10 or later",
"product_ids": [
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote I/O module NZ2GN2B1-16D/16T/16TE: Versions 10 or later",
"product_ids": [
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4: Versions 08 or later",
"product_ids": [
"CSAFPID-0010"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4: Versions 08 or later",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Digital-Analog Converter module NZ2GN2S-60DA4: Versions 08 or later",
"product_ids": [
"CSAFPID-0012"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4: Versions 08 or later",
"product_ids": [
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN FPGA module NZ2GN2S-D41P01/D41D01/D41PD02: Versions 02 or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300/60: Versions 1.09K or later",
"product_ids": [
"CSAFPID-0015"
]
},
{
"category": "vendor_fix",
"details": "MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2: Versions 28 or later",
"product_ids": [
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIP: Versions 13 or later",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "vendor_fix",
"details": "MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SX: Versions 07 or later",
"product_ids": [
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "MELSEC iQ-R Series Ethernet Interface Module RJ71EN71: Versions 86 or later",
"product_ids": [
"CSAFPID-0019"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN master/local Station Communication LSI CP610 NZ2GACP610-60: Versions 06 or later",
"product_ids": [
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "CC-Link IE TSN master/local Station Communication LSI CP610 NZ2KT-NPETNG51: Versions 06 or later",
"product_ids": [
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting this vulnerability:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Restrict physical access to the affected products and the LAN to which they are connected.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Install anti-virus software on your PC that can access the product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "For more information, see Mitsubishi Electric advisory 2025-001.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…