CVE-2025-3511

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3511
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, and CC-Link IE TSN Master/Local Station Communication LSI CP610 allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.  A system reset of the product is required for recovery.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU96620683/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-128-03
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf
Configurations

No configuration.

History

10 Oct 2025, 07:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.9 		v2 : unknown
v3 : 7.5
References
  • () https://jvn.jp/vu/JVNVU96620683/ -
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-25-128-03 -
Summary (en) Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets. (en) Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, and CC-Link IE TSN Master/Local Station Communication LSI CP610 allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.  A system reset of the product is required for recovery.

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de validación incorrecta de la cantidad especificada en la entrada en Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY permite que un atacante remoto no autenticado provoque una condición de denegación de servicio en los productos mediante el envío de paquetes UDP especialmente manipulados.

25 Apr 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-25 06:15

Updated : 2025-10-10 07:15

NVD link : CVE-2025-3511

Mitre link : CVE-2025-3511

CVE.ORG link : CVE-2025-3511

JSON object : View

Products Affected

No product.

CWE
CWE-1284

Improper Validation of Specified Quantity in Input