PT-2025-35445 · Mitsubishi · Melsec Iq-F Series Cpu Module
Loc Nguyen
+3
·
Published
2025-09-01
·
Updated
2025-09-01
·
CVE-2025-7405
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric MELSEC iQ-F Series CPU module (affected versions not specified)
Description
A missing authentication feature in the MODBUS/TCP implementation of the Mitsubishi Electric MELSEC iQ-F Series CPU module allows a remote, unauthenticated attacker to read or write device values and stop program operation. The vulnerability stems from the lack of authentication features within the MODBUS/TCP protocol used by the product.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Melsec Iq-F Series Cpu Module