OTPulse

Mitsubishi Electric MELSEC iQ-F Series

Plan PatchCVSS 9.1ICS-CERT ICSA-25-153-03Jun 3, 2025
Mitsubishi ElectricEnergy
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Multiple Mitsubishi Electric MELSEC iQ-F series PLCs are vulnerable to remote information disclosure, denial of service, and operational disruption via specially crafted packets. The vulnerability exists across all firmware versions of the FX5UC, FX5UJ, FX5U, and FX5S product lines (over 80 specific models listed). An attacker with network access to an unprotected PLC can trigger the vulnerability without authentication or user interaction. Mitsubishi Electric has not released and does not plan to release a firmware patch for any affected model. Mitigation requires network isolation, firewall rules, and enabling the PLC's built-in IP Filter function to restrict access to trusted hosts only.

What this means
What could happen
An attacker on your network could read sensitive data from these PLCs, cause them to stop responding (denial of service), or halt production processes by sending malicious packets. Since no patch exists, you must rely on network isolation and access controls.
Who's at risk
Mitsubishi Electric MELSEC iQ-F series programmable logic controllers (PLCs), specifically the FX5UC, FX5UJ, FX5U, and FX5S models across all firmware versions. These PLCs are the operational brains of many industrial automation, water treatment, power distribution, and manufacturing processes. Engineers and operators managing these devices should treat this as a critical network isolation issue.
How it could be exploited
An attacker with network access to an unprotected FX5 series PLC can send specially crafted packets to trigger information disclosure, denial of service, or operational disruption. The vulnerability requires only network connectivity to the PLC—no credentials or user interaction needed.
Prerequisites
  • Network access to the affected PLC on ports used by MELSEC communication protocols (typically Ethernet, port 502 or proprietary MELSEC ports)
  • No authentication required
remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems (production control)high CVSS score (9.1)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (95)
95 pending
ProductAffected VersionsFix Status
FX5UC-32MT/DSS-TS: vers:all/*All versionsNo fix yet
FX5UC-32MR/DS-TS: vers:all/*All versionsNo fix yet
FX5UJ-24MT/ES: vers:all/*All versionsNo fix yet
FX5UJ-24MT/DS: vers:all/*All versionsNo fix yet
FX5UJ-24MT/ESS: vers:all/*All versionsNo fix yet
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGDeploy a firewall or network access control list to restrict access to FX5 series PLCs to only authorized engineering workstations and HMI servers on your LAN. Block all incoming connections from untrusted networks and the Internet.
WORKAROUNDEnable the IP Filter function on each affected FX5 PLC to whitelist only trusted source IP addresses and networks. Configure according to section 13.1 of the MELSEC iQ-F FX5 User's Manual (Communication), available at https://www.mitsubishielectric.com/fa/download/index.html
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGIsolate FX5 series PLCs into a dedicated control network segment with no direct connectivity from IT networks or the Internet. Use a jump server or engineering access point if remote access is required.
HARDENINGRestrict physical access to FX5 PLCs and the cabling infrastructure connecting them to ensure attackers cannot insert rogue devices or intercept communications.
Long-term hardening
0/1
HARDENINGIf Internet access or remote monitoring is required, require traffic through a VPN tunnel with encryption and authentication before reaching the PLC network.
View full CISA ICS-CERT advisory
API: /api/v1/advisories/e7ad6816-0306-48b5-8bbe-de26210485d3

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Mitsubishi Electric MELSEC iQ-F Series | CVSS 9.1 - OTPulse