CVE-2025-3699 Information

Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior G-50-W Version 3.37 and prior G-50A Version 3.37 and prior GB-50 Version 3.37 and prior GB-50A Version 3.37 and prior GB-24A Version 9.12 and prior G-150AD Version 3.21 and prior AG-150A-A Version 3.21 and prior AG-150A-J Version 3.21 and prior GB-50AD Version 3.21 and prior GB-50ADA-A Version 3.21 and prior GB-50ADA-J Version 3.21 and prior EB-50GU-A Version 7.11 and prior EB-50GU-J Version 7.11 and prior AE-200J Version 8.01 and prior AE-200A Version 8.01 and prior AE-200E Version 8.01 and prior AE-50J Version 8.01 and prior AE-50A Version 8.01 and prior AE-50E Version 8.01 and prior EW-50J Version 8.01 and prior EW-50A Version 8.01 and prior EW-50E Version 8.01 and prior TE-200A Version 8.01 and prior TE-50A Version 8.01 and prior TW-50A Version 8.01 and prior and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally or disclose information in them by exploiting this vulnerability. In addition the attacker may tamper with firmware for them using the disclosed information.

Reference

https://jvn.jp/vu/JVNVU96471539/ https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf

Related CNNVD

CNNVD-202506-3369 (Published: 2025-06-26)