{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8531", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2025-08-04T08:24:14.341Z", "datePublished": "2025-09-19T09:30:21.832Z", "dateUpdated": "2025-09-19T11:46:19.666Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled."}], "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial-of-Service (DoS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2025-09-19T09:30:21.832Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU97846038/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-19T11:46:02.489151Z", "id": "CVE-2025-8531", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-19T11:46:19.666Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-19T11:46:02.489151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-19T11:46:07.016Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial-of-Service (DoS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"24082\" to \"27081\""}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU97846038/", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled.", "supportingMedia": [{"type": "text/html", "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2025-09-19T09:30:21.832Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8531", "state": "PUBLISHED", "dateUpdated": "2025-09-19T11:46:19.666Z", "dateReserved": "2025-08-04T08:24:14.341Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2025-09-19T09:30:21.832Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled."}], "id": "CVE-2025-8531", "lastModified": "2025-09-19T10:15:36.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2025-09-19T10:15:36.807", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU97846038/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-130"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Primary"}]}

{}

{}