CVE-2025-15080

Summary

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationMELSEC iQ-R Series R08PCPUFirmware versions "48" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series R16PCPUFirmware versions "48" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series R32PCPUFirmware versions "48" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series R120PCPUFirmware versions "48" and prioraffected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References