OTPulse

Mitsubishi Electric MELSEC iQ-F Series CPU Module

Monitor | 7.3 | ICS-CERT ICSA-25-240-01 | Aug 28, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

MELSEC iQ-F Series CPU Modules (FX5U, FX5UC, FX5S, FX5UJ families) contain an authentication bypass vulnerability in their network communication protocol. The PLC does not properly validate the source or authorization of incoming requests to read or write device memory and program execution state. An attacker can exploit this to read sensitive device values, modify setpoints and counters, and halt running control programs without providing credentials. Mitsubishi Electric has confirmed no fixed version will be released and recommends network isolation and firewall rules as the only mitigation.

What this means
What could happen
An attacker with network access to a MELSEC iQ-F Series PLC could read or modify device values and stop running programs, disrupting production processes and potentially causing unsafe equipment states.
Who's at risk
Energy utilities and water authorities using Mitsubishi Electric MELSEC iQ-F Series PLCs (FX5U, FX5UC, FX5S, FX5UJ models) in control systems for generation, distribution, or treatment processes. Any facility where these compact PLCs control pumps, motors, valves, or safety interlocks is at risk.
How it could be exploited
An attacker on the network sends unauthenticated requests to the PLC's communication port to read or write memory locations that store device values and program control registers. No credentials are required—the attacker can directly manipulate setpoints, counters, and program execution state.
Prerequisites
  • Network access to the PLC (Ethernet port, typically port 502 or 1025-1026 for MELSEC communications)
  • No authentication required
  • PLC must be reachable from an untrusted network segment or the attacker must be on the same LAN
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available (vendor will not release a fix)
  • Affects operational control systems
  • Can stop program execution
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (75)
75 pending
Product | Affected Versions | Fix Status
MELSEC iQ-F Series FX5UC-64MT/D | ≥ 1.060 | No fix yet
MELSEC iQ-F Series FX5UC-64MT/DSS | ≥ 1.060 | No fix yet
MELSEC iQ-F Series FX5UC-96MT/D | ≥ 1.060 | No fix yet
MELSEC iQ-F Series FX5UC-96MT/DSS | ≥ 1.060 | No fix yet
MELSEC iQ-F Series FX5UC-32MT/DS-TS | ≥ 1.060 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Deploy a firewall to block all inbound connections to the PLC from untrusted networks; restrict PLC access to engineering workstations and HMI/SCADA systems only
  • WORKAROUND: Enable the IP filter function on the PLC to block connections from unauthorized hosts (see MELSEC iQ-F FX5 User's Manual section 13.1)
Long-term hardening
  • HARDENING: Implement network segmentation to isolate the PLC on a separate VLAN or air-gapped LAN; prevent inter-VLAN routing to the PLC subnet
  • HARDENING: Restrict physical access to the PLC and network infrastructure (switches, patch panels) to authorized personnel only
  • HARDENING: If internet access to the PLC is required, use a VPN with strong authentication and encryption to tunnel all traffic
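
One way to verify that the firewall and IP filter allowlist recommended above is actually holding, as an added example (not OTPulse or Mitsubishi Electric code): it scans flow records for traffic that reached a PLC from a host outside the allowlist. The addresses, the CSV flow format and all names are constructed assumptions; the ports are the ones listed under Prerequisites.

```python
import csv
import io
import ipaddress

# Assumed site inventory (constructed): PLC addresses and the only hosts
# allowed to talk to them (engineering workstations, HMI/SCADA).
PLC_HOSTS = {ipaddress.ip_address("10.20.0.10"), ipaddress.ip_address("10.20.0.11")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.1.5/32"),   # engineering workstation
                   ipaddress.ip_network("10.20.2.0/28")]   # HMI/SCADA servers
PLC_PORTS = {502, 1025, 1026}  # ports the page lists as typical

# Constructed sample flow export: time, source, destination, dest port, action.
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2025-08-28T10:00:01Z,10.20.1.5,10.20.0.10,1025,allow
2025-08-28T10:00:07Z,10.20.2.3,10.20.0.11,502,allow
2025-08-28T10:01:12Z,10.30.4.77,10.20.0.10,1025,allow
2025-08-28T10:01:15Z,10.30.4.77,10.20.0.10,1026,deny
2025-08-28T10:02:40Z,10.20.2.200,10.20.0.11,502,allow
2025-08-28T10:03:02Z,10.20.1.5,10.20.0.10,443,allow
2025-08-28T10:03:09Z,not-an-ip,10.20.0.10,502,allow
"""

def is_allowed(src):
    return any(src in net for net in ALLOWED_SOURCES)

def audit_flows(text):
    """Return (reached, blocked, malformed) for non-allowlisted PLC traffic."""
    reached, blocked, malformed = [], [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, TypeError, KeyError):
            malformed.append(row)  # keep for review instead of dropping silently
            continue
        if dst not in PLC_HOSTS or dport not in PLC_PORTS or is_allowed(src):
            continue
        # "allow" means the packet reached the PLC: the filter has a gap.
        (reached if row["action"] == "allow" else blocked).append(row)
    return reached, blocked, malformed

if __name__ == "__main__":
    reached, blocked, malformed = audit_flows(SAMPLE_FLOWS)
    for tag, rows in (("GAP ", reached), ("DENY", blocked)):
        for r in rows:
            print(f"{tag} {r['ts']} {r['src']} -> {r['dst']}:{r['dport']}")
    print(f"{len(malformed)} malformed record(s) skipped")
```

Any GAP line is a source the firewall or IP filter should have stopped; DENY lines show the control working but are still worth tracing back to the originating host.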