PT-2025-27019 · Mitsubishi · G-50-W+26

Mihály Csonka · Published 2025-06-26 · Updated 2025-12-23 · CVE-2025-3699

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Mitsubishi Electric Corporation G-50 versions 3.37 and prior
Mitsubishi Electric Corporation G-50-W versions 3.37 and prior
Mitsubishi Electric Corporation G-50A versions 3.37 and prior
Mitsubishi Electric Corporation GB-50 versions 3.37 and prior
Mitsubishi Electric Corporation GB-50A versions 3.37 and prior
Mitsubishi Electric Corporation GB-24A versions 9.12 and prior
Mitsubishi Electric Corporation G-150AD versions 3.21 and prior
Mitsubishi Electric Corporation AG-150A-A versions 3.21 and prior
Mitsubishi Electric Corporation AG-150A-J versions 3.21 and prior
Mitsubishi Electric Corporation GB-50AD versions 3.21 and prior
Mitsubishi Electric Corporation GB-50ADA-A versions 3.21 and prior
Mitsubishi Electric Corporation GB-50ADA-J versions 3.21 and prior
Mitsubishi Electric Corporation EB-50GU-A versions 7.11 and prior
Mitsubishi Electric Corporation EB-50GU-J versions 7.11 and prior
Mitsubishi Electric Corporation AE-200J versions 8.01 and prior
Mitsubishi Electric Corporation AE-200A versions 8.01 and prior
Mitsubishi Electric Corporation AE-200E versions 8.01 and prior
Mitsubishi Electric Corporation AE-50J versions 8.01 and prior
Mitsubishi Electric Corporation AE-50A versions 8.01 and prior
Mitsubishi Electric Corporation AE-50E versions 8.01 and prior
Mitsubishi Electric Corporation EW-50J versions 8.01 and prior
Mitsubishi Electric Corporation EW-50A versions 8.01 and prior
Mitsubishi Electric Corporation EW-50E versions 8.01 and prior
Mitsubishi Electric Corporation TE-200A versions 8.01 and prior
Mitsubishi Electric Corporation TE-50A versions 8.01 and prior
Mitsubishi Electric Corporation TW-50A versions 8.01 and prior
Mitsubishi Electric Corporation CMS-RMD-J versions 1.40 and prior
Description: The issue allows a remote unauthenticated attacker to bypass authentication and then illegally control the air conditioning systems or disclose information stored in them. In addition, the attacker may tamper with the firmware of these systems using the disclosed information.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication

Related Identifiers

BDU:2026-00131
CVE-2025-3699

Affected Products

AE-200A
AE-200E
AE-200J
AE-50A
AE-50E
AE-50J
AG-150A-A
AG-150A-J
CMS-RMD-J
EB-50GU-A
EB-50GU-J
EW-50A
EW-50E
EW-50J
G-150AD
G-50
G-50-W
G-50A
GB-24A
GB-50
GB-50A
GB-50AD
GB-50ADA-A
GB-50ADA-J
TE-200A
TE-50A
TW-50A