April 29, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
North Korea-Linked Konni APT Group – Active IOCs
April 25, 2025ICS: Johnson Controls ICU Vulnerability
April 25, 2025North Korea-Linked Konni APT Group – Active IOCs
April 25, 2025ICS: Johnson Controls ICU Vulnerability
April 25, 2025
Severity
Medium
Analysis Summary
CVE-2025-3511
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2025-3511
Affected Vendors
Mitsubishi Electric
Affected Products
- Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module NZ2GN2S1-32D
- Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module NZ2GN2S1-32T
- Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module NZ2GN2B1-32D
- Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module NZ2GN2B1-32DTE
- Mitsubishi Electric Corporation CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-60 - 1.08J
- Mitsubishi Electric Corporation CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300 - 1.08J
Remediation
Refer to Mitsubishi Electric Website for patch, upgrade, or suggested workaround information.
