CVE-2025-7731

HIGH

Mitsubishi Electric MELSEC iQ-F - Info Disclosure

Title source: llm

Description

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.

References (3)

[Various Sources] https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-012_en.pdf

[Third Party Advisory] https://jvn.jp/vu/JVNVU90041458/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-02

Scores

CVSS v3 7.5

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (50)

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/DSS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ESS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MR/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MR/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MT/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MT/DSS All versions

... and 40 more

Published Sep 01, 2025

Tracked Since Feb 18, 2026