CVE-2025-15080

Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability in Mitsubishi Electric proprietary protocol communication and SLMP communication for FA products

Description

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

INFO

Published Date :

2026-02-05T05:16:53.721Z

Last Modified :

2026-02-06T07:09:32.791Z

Source :

Mitsubishi

AFFECTED PRODUCTS

The following products are affected by CVE-2025-15080 vulnerability.

Vendors	Products
Mitsubishi	Melsec Iq-r Series
Mitsubishi Electric	Melsec Iq-r Series

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15080.

URL	Resource
https://jvn.jp/vu/JVNVU95093080/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-02
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-020_en.pdf

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability