CVE-2025-15080
📋 TL;DR
This vulnerability in Mitsubishi Electric MELSEC iQ-R Series PLCs allows unauthenticated attackers to read sensitive device data and control programs, write unauthorized data, or cause denial of service by sending specially crafted packets. It affects multiple R-series CPU models used in industrial control systems. Attackers can exploit this remotely without authentication.
💻 Affected Systems
- Mitsubishi Electric MELSEC iQ-R Series R08PCPU
- Mitsubishi Electric MELSEC iQ-R Series R16PCPU
- Mitsubishi Electric MELSEC iQ-R Series R32PCPU
- Mitsubishi Electric MELSEC iQ-R Series R120PCPU
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial process control allowing data theft, unauthorized control modifications, and production shutdown leading to safety incidents, environmental damage, or physical harm.
Likely Case
Unauthorized data access and DoS attacks disrupting industrial operations, potentially causing production downtime and operational data theft.
If Mitigated
Limited impact with proper network segmentation and access controls preventing unauthorized network access to PLCs.
🎯 Exploit Status
Vulnerability details are public but no known exploit code is available. The attack requires network access to the PLC's communication port.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Security update provided by Mitsubishi Electric
Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-020_en.pdf
Restart Required: Yes
Instructions:
1. Download security update from Mitsubishi Electric support portal.
2. Backup current program and configuration.
3. Apply update using engineering software (MELSOFT).
4. Restart PLC.
5. Verify firmware version.
🔧 Temporary Workarounds
Network Segmentation
Isolate PLCs from untrusted networks using firewalls and VLANs
Access Control Lists
Restrict network access to PLC communication ports
Configure firewall rules to restrict access to PLC ports (typically 5006/UDP, 5007/TCP for MELSEC protocol)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PLCs in dedicated OT network zones
- Deploy industrial intrusion detection systems to monitor for malicious packets targeting PLCs
🔍 How to Verify
Check if Vulnerable:
Check the CPU model and firmware version against the affected list in the vendor advisory. An affected model without the security update is vulnerable.
Check Version:
Use MELSOFT engineering software to read CPU module information and check firmware version.
Verify Fix Applied:
Using the engineering software, verify that the firmware version after the update matches the patched version specified in the vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unusual packet patterns to PLC ports
- Multiple failed or unusual MELSEC protocol commands
- Unexpected PLC restart events
Network Indicators:
- Malformed MELSEC protocol packets
- Unauthorized source IPs accessing PLC ports
- High volume of packets to PLC communication ports
SIEM Query:
source_ip NOT IN (authorized_plc_clients) AND dest_port IN (5006, 5007) AND protocol IN (UDP, TCP)
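The query above, together with the "high volume" network indicator, applied to flow records as an added example (not part of the original page or of any vendor tooling). The record format, the allowlist entries and the volume threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Ports and protocols taken from the page's SIEM query.
PLC_PORTS, PROTOCOLS = {5006, 5007}, {"udp", "tcp"}
# Assumption: subnets/hosts allowed to talk to PLCs (engineering stations, HMIs).
AUTHORIZED_CLIENTS = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.1.5/32")]
# Assumption: flows per source in one batch above which traffic counts as high volume.
VOLUME_THRESHOLD = 3

# Constructed sample records in an assumed format: "timestamp src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
2025-01-01T10:00:00Z 10.20.0.4 10.30.0.10 tcp 5007
2025-01-01T10:00:01Z 192.0.2.77 10.30.0.10 tcp 5007
2025-01-01T10:00:02Z 192.0.2.77 10.30.0.10 udp 5006
2025-01-01T10:00:03Z 10.20.1.5 10.30.0.11 udp 5006
2025-01-01T10:00:04Z 10.20.1.5 10.30.0.11 udp 5006
2025-01-01T10:00:05Z 10.20.1.5 10.30.0.11 udp 5006
2025-01-01T10:00:06Z 10.20.1.5 10.30.0.11 udp 5006
2025-01-01T10:00:07Z 198.51.100.9 10.30.0.10 tcp 443
malformed line
"""

def is_authorized(src):
    """True if src falls inside any allowlisted network; ValueError on a bad IP."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED_CLIENTS)

def analyze(flow_text):
    """Return (unauthorized_flows, high_volume_sources) for traffic to PLC ports."""
    alerts, per_source = [], Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # record does not match the assumed format
        ts, src, dst, proto, port = parts
        try:
            proto, port, authorized = proto.lower(), int(port), is_authorized(src)
        except ValueError:
            continue  # unparsable port or source address
        if port not in PLC_PORTS or proto not in PROTOCOLS:
            continue
        per_source[src] += 1  # counted even for authorized clients
        if not authorized:
            alerts.append((ts, src, dst, proto, port))
    noisy = sorted(s for s, n in per_source.items() if n > VOLUME_THRESHOLD)
    return alerts, noisy

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

Volume is counted for allowlisted sources as well, so an authorized host that suddenly floods a PLC port is still reported.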