CVE-2025-7731
📋 TL;DR
This vulnerability allows remote unauthenticated attackers to intercept SLMP communication messages in Mitsubishi Electric MELSEC iQ-F Series CPU modules, obtaining credential information in cleartext. Attackers can then use these credentials to read/write device values and stop program operations. Industrial control systems using these vulnerable PLCs are affected.
💻 Affected Systems
- Mitsubishi Electric MELSEC iQ-F Series CPU modules
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial control system allowing attackers to manipulate physical processes, halt production lines, cause equipment damage, and potentially create safety hazards.
Likely Case
Unauthorized access to PLC data and program manipulation leading to production disruption, data theft, and operational interference.
If Mitigated
Limited impact if network segmentation and encryption controls prevent interception of SLMP traffic.
🎯 Exploit Status
The attack requires network access to intercept unencrypted SLMP traffic, but no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates as specified in vendor advisory
Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-012_en.pdf
Restart Required: Yes
Instructions:
1. Download the firmware update from the Mitsubishi Electric support portal.
2. Back up the PLC program and configuration.
3. Apply the firmware update following the vendor instructions.
4. Verify that the update completed and restore the program if needed.
🔧 Temporary Workarounds
Network Segmentation
Isolate MELSEC iQ-F Series devices in separate VLANs with strict firewall rules to prevent unauthorized access.
VPN/Encryption Tunnel
Implement encrypted communication channels (VPN/IPsec) for all SLMP traffic between engineering stations and PLCs.
🧯 If You Can't Patch
- Implement strict network access controls allowing only authorized engineering stations to communicate with PLCs.
- Deploy network monitoring and intrusion detection specifically for SLMP protocol anomalies.
🔍 How to Verify
Check if Vulnerable:
Check firmware version on MELSEC iQ-F Series CPU modules via engineering software (GX Works3) and compare against patched versions in vendor advisory.
Check Version:
Use GX Works3 software to read CPU module firmware version from connected PLC.
Verify Fix Applied:
Confirm firmware version is updated to patched version and test SLMP communication with packet capture to verify encryption/authentication.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized SLMP connection attempts
- Multiple failed authentication attempts on PLC
- Unexpected program stop/start events
Network Indicators:
- Unencrypted SLMP traffic on network segments
- SLMP packets with suspicious source IPs
- Abnormal SLMP command patterns
SIEM Query:
(source_port:9600 OR dest_port:9600) AND (protocol:SLMP OR protocol:UDP) AND NOT (src_ip IN [authorized_engineering_stations])
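The allow-list control from "If You Can't Patch" and the SIEM query above express the same idea: any SLMP session whose client is not a known engineering station is suspect. The following is an added example (not code from the advisory page or from Mitsubishi Electric) that applies that logic to exported flow records offline. It goes one step beyond the page's query by identifying the client as the endpoint that is *not* bound to port 9600, so that the PLC's own responses (source port 9600) are not flagged as unauthorized, and it separately surfaces program stop/start events even from authorized hosts. The port number 9600 comes from the page's SIEM query; the record field names, the allow-list addresses, the sample flows and the event labels `remote_stop`/`remote_run` are all constructed assumptions for this example, not a real product schema or SLMP command codes.

```python
"""Allow-list detection for SLMP sessions to a MELSEC iQ-F PLC.

Added example, not from the advisory page or the vendor. Assumptions:
- SLMP is served on TCP/UDP port 9600 (the port used in the page's SIEM query).
- Flow records are dicts with src_ip, dst_ip, src_port, dst_port, proto and
  an 'event' label; this schema and the sample data are constructed here.
- Event labels 'remote_stop' / 'remote_run' stand in for the page's
  "program stop/start events"; they are not real SLMP command codes.
"""
from ipaddress import ip_address, ip_network

SLMP_PORT = 9600  # from the page's SIEM query

# Constructed allow-list: the only hosts that should ever act as SLMP clients.
AUTHORIZED_ENGINEERING_STATIONS = {
    ip_network("10.10.5.10/32"),
    ip_network("10.10.5.11/32"),
}

# Constructed labels for the page's "unexpected program stop/start events".
PROGRAM_CONTROL_EVENTS = {"remote_stop", "remote_run"}

# Constructed sample flow export (hypothetical schema).
SAMPLE_FLOWS = [
    {"src_ip": "10.10.5.10", "dst_ip": "10.10.8.20", "src_port": 51000, "dst_port": 9600, "proto": "TCP", "event": "device_read"},
    {"src_ip": "10.10.9.77", "dst_ip": "10.10.8.20", "src_port": 40022, "dst_port": 9600, "proto": "UDP", "event": "device_read"},
    {"src_ip": "10.10.9.77", "dst_ip": "10.10.8.20", "src_port": 40023, "dst_port": 9600, "proto": "TCP", "event": "remote_stop"},
    # PLC reply: source port 9600, destination is an authorized station.
    {"src_ip": "10.10.8.20", "dst_ip": "10.10.5.11", "src_port": 9600, "dst_port": 52000, "proto": "TCP", "event": "response"},
    {"src_ip": "10.10.5.11", "dst_ip": "10.10.8.20", "src_port": 52001, "dst_port": 9600, "proto": "TCP", "event": "remote_stop"},
    # Unrelated traffic that must not match at all.
    {"src_ip": "10.10.9.78", "dst_ip": "10.10.8.21", "src_port": 443, "dst_port": 8443, "proto": "TCP", "event": "https"},
]


def is_authorized(ip, authorized=AUTHORIZED_ENGINEERING_STATIONS):
    """True when ip falls inside any allow-listed network."""
    addr = ip_address(ip)
    return any(addr in net for net in authorized)


def is_slmp_flow(flow):
    """A flow touches SLMP if either endpoint is bound to the SLMP port."""
    return flow["src_port"] == SLMP_PORT or flow["dst_port"] == SLMP_PORT


def slmp_client(flow):
    """The client is the endpoint that is NOT bound to port 9600.

    This avoids flagging the PLC's own replies, which the page's raw query
    (NOT src_ip IN [...]) would otherwise match.
    """
    return flow["dst_ip"] if flow["src_port"] == SLMP_PORT else flow["src_ip"]


def classify(flow):
    """Return the list of alert reasons for one flow record (empty if benign)."""
    reasons = []
    if not is_slmp_flow(flow):
        return reasons
    client = slmp_client(flow)
    if not is_authorized(client):
        reasons.append(f"SLMP session from unauthorized host {client}")
    # Program control is worth a review even from an authorized station.
    if flow.get("event") in PROGRAM_CONTROL_EVENTS:
        reasons.append(f"program control event '{flow['event']}' from {client}")
    return reasons


def detect(flows):
    """Run classify() over every record; returns a list of (reason, flow)."""
    return [(reason, flow) for flow in flows for reason in classify(flow)]


def unauthorized_clients(flows):
    """Sorted set of non-allow-listed hosts seen acting as SLMP clients."""
    return sorted({slmp_client(f) for f in flows
                   if is_slmp_flow(f) and not is_authorized(slmp_client(f))})


if __name__ == "__main__":
    for reason, flow in detect(SAMPLE_FLOWS):
        print(f"{reason}: {flow['src_ip']}:{flow['src_port']} -> "
              f"{flow['dst_ip']}:{flow['dst_port']} ({flow['proto']})")
    print("unauthorized clients:", unauthorized_clients(SAMPLE_FLOWS))
```

Run against the constructed sample, the PLC's reply to 10.10.5.11 produces no alert, the two sessions from 10.10.9.77 do, and the `remote_stop` from the authorized station 10.10.5.11 is surfaced for review rather than treated as unauthorized. Note that a flow record cannot tell you whether the SLMP payload was encrypted; the "Unencrypted SLMP traffic" indicator above still needs a packet capture, as the Verify Fix Applied step says.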