Analysis Summary

CVE-2025-5241

Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login with incorrect passwords. The legitimate users will be unable to login until a certain period has passed after the lockout or until the product is reset.

Impact

• Denial of Service

Indicators of Compromise

CVE

• CVE-2025-5241

Affected Vendors

Affected Products

• Mitsubishi Electric Corporation MELSEC iQ-F

Remediation

Refer to Mitsubishi Electric Security Advisory for patch, upgrade, or suggested workaround information.

Mitsubishi Electric Security Advisory