CVE-2025-3699 | THREATINT

Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.

PUBLISHED Reserved 2025-04-16 | Published 2025-06-26 | Updated 2025-12-23 | Assigner Mitsubishi

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

Default status

unaffected

All versions

affected

References

www.mitsubishielectric.com/...nerability/pdf/2025-004_en.pdf vendor-advisory

jvn.jp/vu/JVNVU96471539/ government-resource

www.cisa.gov/news-events/ics-advisories/icsa-25-177-01 government-resource

cve.org (CVE-2025-3699)

nvd.nist.gov (CVE-2025-3699)

Download JSON