CVE-2025-3755

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU94070048/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf

Configurations

No configuration.

History

27 Aug 2025, 08:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03 -
Summary		(es) La vulnerabilidad de validación incorrecta del índice, la posición o el desplazamiento especificados en la entrada en los módulos de CPU MELSEC iQ-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado lea información del producto, provoque una denegación de servicio (DoS) en la conexión MELSOFT o detenga el funcionamiento del módulo de CPU (lo que provoca una DoS) mediante el envío de paquetes especialmente manipulados. Es necesario reiniciar el producto para su recuperación.

29 May 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-29 05:15

Updated : 2025-08-27 08:15

NVD link : CVE-2025-3755

Mitre link : CVE-2025-3755

CVE.ORG link : CVE-2025-3755

JSON object : View

Products Affected

No product.

CWE

CWE-1285

Improper Validation of Specified Index, Position, or Offset in Input

{"id": "CVE-2025-3755", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-05-29T05:15:20.930", "references": [{"url": "https://jvn.jp/vu/JVNVU94070048/", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "description": [{"lang": "en", "value": "CWE-1285"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery."}, {"lang": "es", "value": "La vulnerabilidad de validaci\u00f3n incorrecta del \u00edndice, la posici\u00f3n o el desplazamiento especificados en la entrada en los m\u00f3dulos de CPU MELSEC iQ-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado lea informaci\u00f3n del producto, provoque una denegaci\u00f3n de servicio (DoS) en la conexi\u00f3n MELSOFT o detenga el funcionamiento del m\u00f3dulo de CPU (lo que provoca una DoS) mediante el env\u00edo de paquetes especialmente manipulados. Es necesario reiniciar el producto para su recuperaci\u00f3n."}], "lastModified": "2025-08-27T08:15:33.090", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}