CVE-2025-3511

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module (affected versions not specified) Mitsubishi Electric Corporation CC-Link IE TSN Analog-Digital Converter module (affected versions not specified) Mitsubishi Electric Corporation CC-Link IE TSN Digital-Analog Converter module (affected versions not specified) Mitsubishi Electric Corporation CC-Link IE TSN FPGA module (affected versions not specified) Mitsubishi Electric Corporation CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY (affected versions not specified)

Description The issue is related to improper validation of specified quantity in input, which allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted UDP packets.

Recommendations For Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, consider restricting access to the module to minimize the risk of exploitation until a fix is available. For Mitsubishi Electric Corporation CC-Link IE TSN Analog-Digital Converter module, consider disabling the module temporarily to prevent Denial of Service conditions. For Mitsubishi Electric Corporation CC-Link IE TSN Digital-Analog Converter module, restrict the use of the module to authorized personnel only. For Mitsubishi Electric Corporation CC-Link IE TSN FPGA module, avoid using the module for critical operations until the issue is resolved. For Mitsubishi Electric Corporation CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, limit the communication to trusted sources to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.