ICSA-25-184-03  ·  Published 2026-02-05

Mitsubishi Electric MELSOFT Update Manager (Update B)

CVSS 8.2 HIGH  ·  CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, tamper with information, or cause a denial-of-service (DoS) condition.

Remediations

  • For customers in Japan: Please download version 1.013P or later from the download site (in Japanese) (https://www.mitsubishielectric.co.jp/fa/download/index.html), and update as follows: (1) First, extract the downloaded file (in zip format). (2) Second, run "setup.exe" in the extracted folder to install.
  • For customers outside Japan: For information about how to install the fixed version, please contact your local Mitsubishi Electric representative (https://www.mitsubishielectric.com/fa/support/index.html).
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within the LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. when connecting the PC with the affected product to the internet, to prevent unauthorized access and allow only trusted users to log in remotely, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and to the network to which the PC is connected, to prevent unauthorized physical access and minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends preventing the user from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends installing antivirus software on the PC with the affected product, to minimize the risk of exploiting this vulnerability.
  • For more information, see Mitsubishi Electric 2025-006 (https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-006_en.pdf).

Affected Vendors

Mitsubishi Electric

Affected Products (1)

Mitsubishi Electric · MELSOFT Update Manager SW1DND-UDM-M, versions 1.000A through 1.012N (>=1.000A, <=1.012N)
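
To check an asset inventory against this range, the following added example (not part of the advisory or any Mitsubishi Electric tooling) classifies installed versions as affected, fixed, or unknown. The CSV column layout, the host names, and the assumption that versions order by their numeric part are hypothetical; unparseable versions are reported as unknown rather than treated as safe.

```python
import csv
import io
import re

# Range taken from the advisory: affected 1.000A through 1.012N, fixed from 1.013P.
AFFECTED_MIN = (1, 0)
AFFECTED_MAX = (1, 12)
PRODUCT = "SW1DND-UDM-M"

# Assumption: versions look like "<major>.<3 digits><letter>" and order by the numeric part.
VERSION_RE = re.compile(r"^(\d+)\.(\d{3})([A-Z])$")


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    m = VERSION_RE.match(version.strip().upper())
    if not m:
        return "unknown"  # never treat an unparseable version as safe
    key = (int(m.group(1)), int(m.group(2)))
    if AFFECTED_MIN <= key <= AFFECTED_MAX:
        return "affected"
    if key > AFFECTED_MAX:
        return "fixed"
    return "unknown"  # below the advisory's stated range


def triage(inventory_csv):
    """Map each host running the product to its status."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip() == PRODUCT:
            result[row["host"].strip()] = classify(row["version"])
    return result


# Constructed sample inventory (hypothetical host names and column layout).
SAMPLE = """host,product,version
eng-ws-01,SW1DND-UDM-M,1.012N
eng-ws-02,SW1DND-UDM-M,1.013P
eng-ws-03,SW1DND-UDM-M,1.005
eng-ws-04,OTHER-TOOL,2.000A
eng-ws-05,SW1DND-UDM-M,1.000a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```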

Affected Sectors

Critical Manufacturing
