ICS: Multiple Mitsubishi Electric MELSEC iQ-F Series Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-7731 CVSS:7.5

Mitsubishi Electric MELSEC iQ-F Series CPU module could allow a remote attacker to obtain sensitive information, caused by cleartext transmission of sensitive information.

CVE-2025-7405 CVSS:7.3

Mitsubishi Electric MELSEC iQ-F Series CPU Module could allow a remote attacker to obtain sensitive information, caused by missing authentication for critical function.

Impact

Information Disclosure

Indicators of Compromise

CVE

CVE-2025-7731
CVE-2025-7405

Affected Vendors

Mitsubishi Electric

Affected Products

Mitsubishi Electric MELSEC iQ-F Series CPU Module

Remediation

Refer to Mitsubishi Electric Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-7731

CVE-2025-7405

LokiBot Malware – Active IOCs

BlackMoon Banking Trojan aka KrBanker – Active IOCs

ICS: Multiple Mitsubishi Electric MELSEC iQ-F Series Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan