Improper Input Validation in Mitsubishi Electric CC-Link IE TSN Products
CVE-2025-3511

5.9MEDIUM

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Cc-link Ie Tsn Remote I/o Module Nz2gn2s1-32d; Cc-link Ie Tsn Remote I/o Module Nz2gn2s1-32t; Cc-link Ie Tsn Remote I/o Module Nz2gn2s1-32te; Cc-link Ie Tsn Remote I/o Module Nz2gn2s1-32dt
Vendor: CVE Published:; 25 April 2025

Summary

An improper validation vulnerability in various Mitsubishi Electric CC-Link IE TSN products enables a remote unauthenticated attacker to exploit the system by sending specially crafted UDP packets. This can lead to a Denial of Service condition, disrupting the operation of affected modules including the Remote I/O and Analog-Digital Converter modules. It is crucial for users to be aware of this vulnerability for ensuring robust security measures.

Affected Version(s)

CC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4 07 and prior

CC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4 07 and prior

CC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4 07 and prior

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 11, 2025