CVE-2025-3699

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU96471539/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf

Configurations

No configuration.

History

No history.

Information

Published : 2025-06-26 23:15

Updated : 2025-12-23 00:15

NVD link : CVE-2025-3699

Mitre link : CVE-2025-3699

CVE.ORG link : CVE-2025-3699

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-3699", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-26T23:15:22.177", "references": [{"url": "https://jvn.jp/vu/JVNVU96471539/", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."}, {"lang": "es", "value": "Vulnerabilidad de autenticaci\u00f3n faltante para funci\u00f3n cr\u00edtica en Mitsubishi Electric Corporation G-50 versi\u00f3n 3.37 y anteriores, G-50-W versi\u00f3n 3.37 y anteriores, G-50A versi\u00f3n 3.37 y anteriores, GB-50 versi\u00f3n 3.37 y anteriores, GB-50A versi\u00f3n 3.37 y anteriores, GB-24A versi\u00f3n 9.12 y anteriores, G-150AD versi\u00f3n 3.21 y anteriores, AG-150A-A versi\u00f3n 3.21 y anteriores, AG-150A-J versi\u00f3n 3.21 y anteriores, GB-50AD versi\u00f3n 3.21 y anteriores, GB-50ADA-A versi\u00f3n 3.21 y anteriores, GB-50ADA-J versi\u00f3n 3.21 y anteriores, EB-50GU-A versi\u00f3n 7.11 y anteriores, EB-50GU-J versi\u00f3n 7.11 y anteriores, AE-200J versi\u00f3n 8.01 y anteriores. AE-200A versi\u00f3n 8.01 y anteriores, AE-200E versi\u00f3n 8.01 y anteriores, AE-50J versi\u00f3n 8.01 y anteriores, AE-50A versi\u00f3n 8.01 y anteriores, AE-50E versi\u00f3n 8.01 y anteriores, EW-50J versi\u00f3n 8.01 y anteriores, EW-50A versi\u00f3n 8.01 y anteriores, EW-50E versi\u00f3n 8.01 y anteriores, TE-200A versi\u00f3n 8.01 y anteriores, TE-50A versi\u00f3n 8.01 y anteriores, TW-50A versi\u00f3n 8.01 y anteriores, y CMS-RMD-J versi\u00f3n 1.40 y anteriores permiten a un atacante remoto no autenticado eludir la autenticaci\u00f3n y, posteriormente, controlar ilegalmente los sistemas de aire acondicionado o divulgar informaci\u00f3n sobre ellos aprovechando esta vulnerabilidad. Adem\u00e1s, el atacante puede manipular el firmware de los sistemas utilizando la informaci\u00f3n divulgada."}], "lastModified": "2025-12-23T00:15:43.540", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}