ICSA-26-181-01  ·  Published 2026-06-30

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager.

Remediations

Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Download the update file for the fixed version from https://www.mitsubishielectric.co.jp/fa/download/index.html (this site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf.
  • For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability.
  • For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and to allow only trusted users to log in remotely when internet access is required, to minimize the risk of exploitation of this vulnerability.
  • For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability.
  • For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability.
  • For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability.
  • For more information see the associated Mitsubishi Electric security advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf.

Affected Vendors

Mitsubishi Electric

Affected Products (1)

Mitsubishi Electric · MELSOFT Update Manager SW1DND-UDM-M, versions 1.000A through 1.014Q (inclusive)

Affected Sectors

Critical Manufacturing
