CVE-2025-3755
📋 TL;DR
A critical vulnerability in Mitsubishi Electric MELSEC iQ-F Series CPU modules allows remote unauthenticated attackers to read sensitive information, disrupt MELSOFT connections, or completely stop CPU module operation by sending specially crafted packets. This affects industrial control systems that use these programmable logic controllers; recovery requires a physical reset.
💻 Affected Systems
- Mitsubishi Electric MELSEC iQ-F Series CPU modules
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete shutdown of industrial processes, production stoppage, safety system disruption, and potential physical damage requiring factory reset and manual recovery.
Likely Case
Temporary denial of service affecting production lines or industrial processes, requiring manual intervention and reset to restore operations.
If Mitigated
Limited impact if network segmentation prevents direct access, but still vulnerable to internal threats or compromised network segments.
🎯 Exploit Status
Remote unauthenticated exploitation with specially crafted packets makes this highly attractive for attackers targeting industrial systems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware update as specified in vendor advisory
Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf
Restart Required: Yes
Instructions:
1. Download firmware update from Mitsubishi Electric support portal.
2. Backup current configuration and programs.
3. Apply firmware update following vendor instructions.
4. Verify update completion and restore configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
Isolate MELSEC iQ-F Series devices in separate VLANs with strict firewall rules
Access Control Lists
Implement network ACLs to restrict access to only trusted IP addresses and required ports
🧯 If You Can't Patch
- Implement strict network segmentation and zero-trust architecture around affected devices
- Deploy industrial IDS/IPS with signatures for MELSEC protocol anomalies
🔍 How to Verify
Check if Vulnerable:
Check firmware version on MELSEC iQ-F Series CPU modules against vendor advisory
Check Version:
Use MELSOFT engineering software to read CPU module firmware version
Verify Fix Applied:
Verify firmware version has been updated to patched version and test MELSOFT connectivity
📡 Detection & Monitoring
Log Indicators:
- Unusual MELSOFT connection attempts
- CPU module stop/reset events
- Multiple failed connection attempts from single source
Network Indicators:
- Malformed packets to MELSEC protocol ports (typically 5006/UDP, 5007/TCP)
- Unusual traffic patterns to PLC network segments
SIEM Query:
source_ip=* AND (dest_port=5006 OR dest_port=5007) AND packet_size>normal_range
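The indicators above can be checked against exported flow records. The following is an added example, not part of the original page or any vendor tooling: it flags traffic to the ports named here from sources outside an allowlist, packet sizes outside a baseline, and bursts of attempts from a single source. The record field names, trusted subnet, size range and burst thresholds are assumptions to replace with values from your own environment.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Ports named on this page for the MELSEC protocol.
MELSEC_PORTS = {("udp", 5006), ("tcp", 5007)}

# Assumptions for illustration: engineering subnet, size baseline, burst limits.
TRUSTED = [ip_network("10.20.0.0/28")]
NORMAL_SIZE = range(40, 513)        # bytes; derive from your own traffic baseline
BURST_COUNT, BURST_WINDOW = 5, 10   # attempts, seconds

def analyze(flows):
    """Return a sorted list of (src, reason) alerts for flows hitting MELSEC ports."""
    alerts = set()
    recent = defaultdict(list)  # src -> timestamps still inside the burst window
    for f in sorted(flows, key=lambda f: f["ts"]):
        if (f["proto"], f["dport"]) not in MELSEC_PORTS:
            continue
        src = f["src"]
        # ACL check: only trusted addresses should talk to the PLC at all.
        if not any(ip_address(src) in net for net in TRUSTED):
            alerts.add((src, "untrusted-source"))
        # Counterpart of "packet_size>normal_range" in the SIEM query.
        if f["size"] not in NORMAL_SIZE:
            alerts.add((src, "abnormal-size"))
        # Sliding window for repeated attempts from a single source.
        window = [t for t in recent[src] if f["ts"] - t < BURST_WINDOW]
        window.append(f["ts"])
        recent[src] = window
        if len(window) >= BURST_COUNT:
            alerts.add((src, "connection-burst"))
    return sorted(alerts)

# Constructed sample flow records (not real captures).
SAMPLE = [
    {"ts": 0, "src": "10.20.0.5", "proto": "tcp", "dport": 5007, "size": 120},
    {"ts": 1, "src": "10.20.0.5", "proto": "tcp", "dport": 443, "size": 9000},
    {"ts": 2, "src": "192.0.2.77", "proto": "udp", "dport": 5006, "size": 1400},
] + [
    {"ts": 20 + i, "src": "10.20.0.9", "proto": "tcp", "dport": 5007, "size": 100}
    for i in range(5)
]

if __name__ == "__main__":
    for src, reason in analyze(SAMPLE):
        print(f"ALERT {src}: {reason}")
```

Correlating these alerts with CPU module stop/reset events from the same time window narrows down which source to investigate first.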