mitsubishi electric vulnerability

About this tag
The tag covers discussions about security vulnerabilities in Mitsubishi Electric industrial control products, particularly the MELSEC iQ-F series. A recent thread addresses CVE-2025-7405, a Modbus/TCP vulnerability that allows unauthenticated remote attackers to read and write device values or halt program execution. The CISA advisory from August 2025 assigns a CVSS v4 score of 6.9, and Mitsubishi Electric recommends network-level mitigations rather than firmware updates. Topics include Windows-based OT environments, mitigation strategies, and integration with enterprise IT security practices.
  1. MELSEC iQ-F Modbus/TCP CVE-2025-7405: Mitigation Guide for Windows & OT

    Mitsubishi Electric’s MELSEC iQ‑F family of CPU modules has been formally flagged with a network‑accessible vulnerability that allows unauthenticated remote actors to read and write device values — and in some deployments to halt program execution — because the affected product’s Modbus/TCP...