Mitsubishi Electric MELSEC iQ-F Series Improper Validation of Specified Index, Position, or Offset in Input (CVE-2025-3755)

critical Tenable OT Security Plugin ID 503285

Synopsis

The remote OT asset is affected by a vulnerability.

Description

This vulnerability allows a remote attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in the MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product must be reset for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting this vulnerability:
- Use a firewall, virtual private network (VPN), or similar measure to prevent unauthorized access when Internet access is required.
- Use the product within a LAN and block access from untrusted networks and hosts through firewalls.
- Use the IP filter function to block access from untrusted hosts.
- Restrict physical access to the affected products and to the LAN to which they are connected.

For specific update instructions and additional details see the Mitsubishi Electric advisory.

See Also

http://www.nessus.org/u?7d9578bc

https://jvn.jp/vu/JVNVU94070048/

Plugin Details

Severity: Critical

ID: 503285

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 7/10/2025

Updated: 7/10/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: Tenable.ot/Mitsubishi

Patch Publication Date: 5/29/2025

Vulnerability Publication Date: 5/29/2025

Reference Information

CVE: CVE-2025-3755

CWE: 1285