Mitsubishi Electric Multiple FA Products (Update B)

Monitor | CVSS 7.5 | ICS-CERT ICSA-25-128-03 | May 8, 2025
Mitsubishi Electric | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability (CWE-1284) exists in Mitsubishi Electric CC-Link IE TSN modules and related devices. An attacker can send a specially crafted packet to cause the affected module to stop responding and cease operations. Affected products include CC-Link IE TSN Remote I/O modules (NZ2GN2S1, NZ2GN2B1, NZ2GN12A series), Analog/Digital Converter modules, FPGA modules, Communication LSI CP620 and CP610, and MELSEC iQ-R and iQ-F Ethernet/CC-Link IE TSN interface modules. Some products have firmware updates available (version 10 or later for most Remote I/O modules, version 08 or later for ADC/DAC modules), but many product variants have no fix planned.

What this means
What could happen
An attacker on your network could remotely crash these Mitsubishi CC-Link IE TSN I/O modules, halting process operations and sensor data flow to your MELSEC controllers until the modules restart.
Who's at risk
Energy utilities and manufacturers using Mitsubishi MELSEC iQ-R and iQ-F programmable logic controllers with CC-Link IE TSN I/O modules for remote process monitoring, analog/digital conversion, and device communication. The vulnerability affects multiple remote I/O module variants, Ethernet interface modules, and communication LSI components.
How it could be exploited
An attacker with network access to the CC-Link IE TSN network segment could send a specially crafted packet to one of these modules, causing it to stop responding. The module would need to be manually restarted to restore operation.
Prerequisites
  • Network access to the CC-Link IE TSN network segment where affected modules are deployed
  • No authentication required to send the malicious packet
Tags: remotely exploitable, no authentication required, low complexity, no patch available for many product variants, affects industrial automation and control systems
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (44)
44 pending
Product | Affected Versions | Fix Status
CC-Link IE TSN Remote I/O module NZ2GN2S1-32D | ≤ 09 | No fix yet
CC-Link IE TSN Remote I/O module NZ2GN2S1-32T | ≤ 09 | No fix yet
CC-Link IE TSN Remote I/O module NZ2GN2S1-32TE | ≤ 09 | No fix yet
CC-Link IE TSN Remote I/O module NZ2GN2S1-32DT | ≤ 09 | No fix yet
CC-Link IE TSN Remote I/O module NZ2GN2S1-32DTE | ≤ 09 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Monitor for unexpected module restarts or denial-of-service symptoms on affected equipment, and log network traffic to CC-Link IE TSN devices.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CC-Link IE TSN Remote I/O modules (NZ2GN2S1, NZ2GN2B1, NZ2GN12A series) to version 10 or later.
HOTFIX: Update CC-Link IE TSN Analog/Digital Converter modules (NZ2GN2S-60AD4, NZ2GN2B-60AD4, NZ2GN2S-60DA4, NZ2GN2B-60DA4) to version 08 or later.
HOTFIX: Update MELSEC iQ-R Ethernet Interface Module RJ71EN71 to version 86 or later.
Long-term hardening
HARDENING: Isolate CC-Link IE TSN network segments from untrusted networks using industrial firewalls or access control lists.