← Back to home
ICSA-25-128-03  ·  Published 2026-04-30  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric Multiple FA Products (Update C)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition, a timeout error, or a communication delay by sending a specially crafted UDP packet to the product.

CVEs (1)

Remediations

  • Mitsubishi Electric is releasing fixed version 10 or later for CC-Link IE TSN Remote I/O modules NZ2GN2S1-32D, NZ2GN2S1-32T, NZ2GN2S1-32TE, NZ2GN2S1-32DT, NZ2GN2S1-32DTE, NZ2GN2B1-32D, NZ2GN2B1-32T, NZ2GN2B1-32TE, NZ2GN2B1-32DT, NZ2GN2B1-32DTE, NZ2GNCF1-32D, NZ2GNCF1-32T, NZ2GNCE3-32D, NZ2GNCE3-32DT, NZ2GN12A4-16D, NZ2GN12A4-16DE, NZ2GN12A2-16T, NZ2GN12A2-16TE, NZ2GN12A42-16DT, NZ2GN12A42-16DTE, NZ2GN2S1-16D, NZ2GN2S1-16T, NZ2GN2S1-16TE, NZ2GN2B1-16D, NZ2GN2B1-16T, and NZ2GN2B1-16TE. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf."
  • Mitsubishi Electric is releasing fixed version 08 or later for CC-Link IE TSN Analog-Digital Converter modules NZ2GN2S-60AD4 and NZ2GN2B-60AD4. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 08 or later for CC-Link IE TSN Digital-Analog Converter modules NZ2GN2S-60DA4 and NZ2GN2B-60DA4. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 02 or later for CC-Link IE TSN FPGA modules NZ2GN2S-D41P01, NZ2GN2S-D41D01, and NZ2GN2S-D41PD02. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 1.09K or later for CC-Link IE TSN Remote Station Communication LSIs CP620 with GbE-PHY NZ2GACP620-300 or NZ2GACP620-60. Please download the CP620 sample code from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 28 or later for MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 13 or later for MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIP. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 07 or later for MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SX. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 86 or later for MELSEC iQ-R Series Ethernet Interface Module RJ71EN71. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 06 or later for CC-Link IE TSN master/local Station Communication LSIs CP610 NZ2GACP610-60 and NZ2KT-NPETNG51. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 1.030 or later for MELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module FX5-CCLGN-MS. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 1.210 or later for MELSEC iQ-F Series FX5 Ethernet Module FX5-ENET. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • Mitsubishi Electric is releasing fixed version 1.107 or later for MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP. Please download the fixed update file from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf".
  • For customers of the affected products, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.
  • For customers of the affected products, Mitsubishi Electric recommends using within a LAN and blocking access from untrusted networks and hosts through firewalls, to minimize the risk of exploiting this vulnerability.
  • For customers of the affected products, Mitsubishi Electric recommends restricting physical access to the products and the LAN to which they are connected, to minimize the risk of exploiting this vulnerability.
  • For customers of the affected products, Mitsubishi Electric recommends installing anti-virus software on your PC that can access the affected product, to minimize the risk of exploiting this vulnerability.

Affected Vendors

Mitsubishi Electric

Affected Products (44)

Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-32D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-32T <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-32TE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-32DT <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-32DTE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-32D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-32T <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-32TE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-32DT <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-32DTE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GNCF1-32D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GNCF1-32T <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GNCE3-32D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GNCE3-32DT <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN12A4-16D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN12A4-16DE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN12A2-16T <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN12A2-16TE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN12A42-16DT <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN12A42-16DTE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-16D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-16T <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2S1-16TE <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-16D <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-16T <=09
Mitsubishi Electric · CC-Link IE TSN Remote I/O module NZ2GN2B1-16TE <=09
Mitsubishi Electric · CC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4 <=07
Mitsubishi Electric · CC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4 <=07
Mitsubishi Electric · CC-Link IE TSN Digital-Analog Converter module NZ2GN2S-60DA4 <=07
Mitsubishi Electric · CC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4 <=07
Mitsubishi Electric · CC-Link IE TSN FPGA module NZ2GN2S-D41P01 01
Mitsubishi Electric · CC-Link IE TSN FPGA module NZ2GN2S-D41D01 01
Mitsubishi Electric · CC-Link IE TSN FPGA module NZ2GN2S-D41PD02 01
Mitsubishi Electric · CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300 <=1.08J
Mitsubishi Electric · CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-60 <=1.08J
Mitsubishi Electric · MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2 <=26
Mitsubishi Electric · MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIP <=10
Mitsubishi Electric · MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SX <=05
Mitsubishi Electric · MELSEC iQ-R Series Ethernet Interface Module RJ71EN71 <=85
Mitsubishi Electric · CC-Link IE TSN master/local Station Communication LSI CP610 NZ2GACP610-60 <=05
Mitsubishi Electric · CC-Link IE TSN master/local Station Communication LSI CP610 NZ2KT-NPETNG51 <=05
Mitsubishi Electric · MELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module FX5-CCLGN-MS <=1.020
Mitsubishi Electric · MELSEC iQ-F Series FX5 Ethernet Module FX5-ENET <=1.200
Mitsubishi Electric · MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP <=1.106

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more