Mitsubishi Electric Multiple FA Products (Update B)

Monitor7.5ICS-CERT ICSA-25-128-03May 8, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple Mitsubishi Electric CC-Link IE TSN remote I/O modules, converter modules, FPGA modules, and related PLC Ethernet interface modules (across NZ2GN, RJ71GN11, RJ71EN71, FX5, and CP610/CP620 product families) are vulnerable to a denial-of-service attack. An attacker can send a crafted network packet to cause the affected module to stop responding, disrupting communications on the CC-Link IE TSN industrial network. CWE-1284 (Improper Validation of Specified Quantity in Input) is the underlying cause. Products at version 09 or earlier (or version 07 or earlier for converter modules, version 1.08J for CP620, version 26 or earlier for RJ71GN11-T2, and all versions of some FX5 modules) are vulnerable.

What this means

What could happen

An attacker could remotely cause these CC-Link IE TSN network modules and converters to stop responding, disrupting communication between automation controllers and field equipment. This could halt production processes until the affected modules are restarted or replaced.

Who's at risk

Mitsubishi Electric industrial automation components used in power generation, distribution, and manufacturing. This includes CC-Link IE TSN Remote I/O modules (field input/output devices), Analog-Digital and Digital-Analog Converter modules, FPGA modules, and MELSEC iQ-R and iQ-F series PLC Ethernet modules. Energy utilities and manufacturers relying on these networked I/O devices for process control should assess exposure.

How it could be exploited

An attacker on the network containing these CC-Link IE TSN modules can send a specially crafted network packet to trigger a denial-of-service condition. No credentials are needed; the attacker only needs network reachability to the affected module on its communication port.

Prerequisites

Network access to the CC-Link IE TSN module or gateway on the control network
No authentication required

Remotely exploitableNo authentication requiredLow attack complexityNo patch available for most productsAffects industrial automation networkHigh CVSS severity (7.5)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (44)

44 pending

ProductAffected VersionsFix Status

CC-Link IE TSN Remote I/O module NZ2GN2S1-32D: <=09≤ 09No fix yet

CC-Link IE TSN Remote I/O module NZ2GN2S1-32T: <=09≤ 09No fix yet

CC-Link IE TSN Remote I/O module NZ2GN2S1-32TE: <=09≤ 09No fix yet

CC-Link IE TSN Remote I/O module NZ2GN2S1-32DT: <=09≤ 09No fix yet

CC-Link IE TSN Remote I/O module NZ2GN2S1-32DTE: <=09≤ 09No fix yet

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate CC-Link IE TSN network segments from untrusted networks using firewalls and network segmentation to limit attacker reachability

HARDENINGMonitor CC-Link IE TSN modules for unexpected loss of communications and implement alerting on module status changes

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade CC-Link IE TSN Remote I/O modules NZ2GN2S1 and NZ2GN2B1 series to firmware version 10 or later

HOTFIXUpgrade CC-Link IE TSN Analog/Digital Converter and FPGA modules to patched versions when available from Mitsubishi Electric

HOTFIXUpgrade MELSEC iQ-R Series CC-Link IE TSN Master/Local Modules RJ71GN11 series and Ethernet Interface Module RJ71EN71 to patched versions when available

CVEs (1)

CVE-2025-3511

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4ac5bcb5-fc0e-4080-a203-8d88db9475e5