You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-7731
About this tag
CVE-2025-7731 is a high-severity vulnerability in Mitsubishi Electric's MELSEC iQ-F series CPU modules that involves cleartext transmission of sensitive information over SLMP. An attacker with network access can exploit this flaw to capture credentials and potentially read or write device values or halt program execution. This issue is particularly relevant for Windows-centric IT/OT teams managing industrial control systems. The vulnerability was highlighted in CISA's August 28, 2025, batch of ICS advisories, which included nine critical vulnerabilities across multiple OT vendors. Immediate mitigation, patching, and network-hardening actions are recommended for affected systems.
A remote information‑disclosure weakness in Mitsubishi Electric’s MELSEC iQ‑F series CPU modules has been publicly described as a cleartext transmission of sensitive information over SLMP, enabling an attacker with network access to capture credentials and potentially read/write device values or...
cisa
cve-2025-7731
cwe-319
edr
industrial control systems
information disclosure
ip filtering
melsec iq-f
mitsubishi electric
network segmentation
ot security
plc vulnerabilities
remote access
slmp
vpn mitigation
windows ot
windows security
CISA on August 28, 2025, published a batch of nine Industrial Control Systems (ICS) advisories covering critical vulnerabilities across Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, Hitachi Energy, and ICONICS/Mitsubishi integrations — a coordinated disclosure that...