Home

Description

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

PUBLISHED Reserved 2025-12-25 | Published 2026-02-05 | Updated 2026-02-06 | Assigner Mitsubishi




HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1284 Improper Validation of Specified Quantity in Input

Product status

Default status
unaffected

Firmware versions "48" and prior
affected

Default status
unaffected

Firmware versions "48" and prior
affected

Default status
unaffected

Firmware versions "48" and prior
affected

Default status
unaffected

Firmware versions "48" and prior
affected

References

jvn.jp/vu/JVNVU95093080/ government-resource

www.mitsubishielectric.com/...nerability/pdf/2025-020_en.pdf vendor-advisory

www.cisa.gov/news-events/ics-advisories/icsa-26-036-02 government-resource

cve.org (CVE-2025-15080)

nvd.nist.gov (CVE-2025-15080)

Download JSON