Mitsubishi Electric MELSEC iQ-R Series

Risk Summary

Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product.

CVEs (1)

Remediations

• Mitsubishi Electric recommends users of the affected products follow the procedure below to update firmware version 49 or later. Download the update file for the fixed version, the engineering software for firmware upgrade, and the manual from the download website at https://www.mitsubishielectric.com/fa/download/index.html . For details on updating the firmware, see MELSEC iQ-R Module Configuration Manual "Appendix 2 Firmware Update Function".
• Mitsubishi Electric recommends the following mitigations to reduce the risk of exploiting this vulnerability: Use a firewall or virtual private network (VPN) block access from untrusted networks and hosts using a firewall. Use the product within a LAN and block access from untrusted networks and hosts through a firewall. Use firewalls, IP filters, and similar controls to minimize connections to the product and prevent access from untrusted networks and hosts. For details on the IP filter function, refer to "IP Filter" in section 1.13, Security, of the MELSEC iQ-R Ethernet User's Manual (Application). Restrict physical access to the affected product and its connected LAN.
• For specific update instructions and additional details see the Mitsubishi Electric advisory at https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-020_en.pdf .
• For further information, contact your local Mitsubishi Electric representative at https://www.mitsubishielectric.com/fa/service-support/index.html .

Affected Vendors

Affected Products (1)

Affected Sectors

Critical Manufacturing