9.8

CVE-2025-3699

EPSS 0.1%
Veröffentlicht 26.06.2025 22:40:37
Zuletzt bearbeitet 23.12.2025 00:15:43
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMitsubishi Electric Corporation

≫

Produkt G-50

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt G-50-W

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt G-50A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GB-50

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GB-50A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GB-24A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt G-150AD

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AG-150A-A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AG-150A-J

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GB-50AD

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GB-50ADA-A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GB-50ADA-J

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt EB-50GU-A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt EB-50GU-J

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AE-200J

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AE-200A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AE-200E

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AE-50J

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AE-50A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AE-50E

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt EW-50J

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt EW-50A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt EW-50E

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt TE-200A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt TE-50A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt TW-50A

Default Statusunaffected

Version All versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt CMS-RMD-J

Default Statusunaffected

Version All versions

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf

https://jvn.jp/vu/JVNVU96471539/

https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01

https://nvd.nist.gov/vuln/detail/CVE-2025-3699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3699

EUVD