Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager.</strong></p> <p>The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected:</p> <ul> <li>MELSOFT Update Manager SW1DND-UDM-M &gt;=1.000A|&lt;=1.014Q (CVE-2025-53816, CVE-2025-53817, CVE-2025-55188, CVE-2025-11001)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS</th> <th>Vendor</th> <th>Equipment</th> <th>Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.8</td> <td>Mitsubishi Electric</td> <td>Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M</td> <td>Heap-based Buffer Overflow, NULL Pointer Dereference, Improper Link Resolution Before File Access ('Link Following'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Japan</li> </ul> <hr /> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="https://www.cisa.gov/">CVE-2025-53816</a></h3> <div class="csaf-accordion-content"> <p>A heap-based buffer overflow vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. 
This vulnerability could allow a local attacker to trigger a buffer overflow that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-53816">View CVE Details</a></p> <hr /> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br />Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br />Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: &gt;=1.000A|&lt;=1.014Q</div> <div class="ics-status"><strong>Product Status:</strong><br />known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br />Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:</p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.co.jp/fa/download/index.html">https://www.mitsubishielectric.co.jp/fa/download/index.html</a></p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. 
For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For more information see the associated Mitsubishi Electric security 
advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf.<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/122.html">CWE-122 Heap-based Buffer Overflow</a></p> <hr /> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS Version</th> <th>Base Score</th> <th>Base Severity</th> <th>Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H</a></td> </tr> <tr> <td>4.0</td> <td>5.1</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N">CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="https://www.cisa.gov/">CVE-2025-53817</a></h3> <div class="csaf-accordion-content"> <p>A NULL pointer dereference vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. 
This vulnerability could allow a local attacker to trigger a NULL pointer dereference that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-53817">View CVE Details</a></p> <hr /> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br />Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br />Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: &gt;=1.000A|&lt;=1.014Q</div> <div class="ics-status"><strong>Product Status:</strong><br />known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br />Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:</p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.co.jp/fa/download/index.html">https://www.mitsubishielectric.co.jp/fa/download/index.html</a></p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. 
For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For more information see the associated Mitsubishi Electric security 
advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf.<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/476.html">CWE-476 NULL Pointer Dereference</a></p> <hr /> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS Version</th> <th>Base Score</th> <th>Base Severity</th> <th>Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H</a></td> </tr> <tr> <td>4.0</td> <td>5.1</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N">CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="https://www.cisa.gov/">CVE-2025-55188</a></h3> <div class="csaf-accordion-content"> <p>A link following vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to tamper with or destroy information by convincing a legitimate user to decompress a specially crafted archive file using the affected product. 
If the tampered or destroyed files are required for PC operation, the affected PC may enter a denial-of-service condition.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-55188">View CVE Details</a></p> <hr /> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br />Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br />Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: &gt;=1.000A|&lt;=1.014Q</div> <div class="ics-status"><strong>Product Status:</strong><br />known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br />Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:</p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.co.jp/fa/download/index.html">https://www.mitsubishielectric.co.jp/fa/download/index.html</a></p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. 
For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For more information see the associated Mitsubishi Electric security 
advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf.<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/59.html">CWE-59 Improper Link Resolution Before File Access ('Link Following')</a></p> <hr /> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS Version</th> <th>Base Score</th> <th>Base Severity</th> <th>Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.9</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H</a></td> </tr> <tr> <td>4.0</td> <td>6.9</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H">CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="https://www.cisa.gov/">CVE-2025-11001</a></h3> <div class="csaf-accordion-content"> <p>A path traversal vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to execute arbitrary code by decompressing a specially crafted archive file using the affected product. 
As a result, the affected product may be impacted in ways such as information theft, information tampering, a denial-of-service condition, or other impacts.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-11001">View CVE Details</a></p> <hr /> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br />Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br />Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: &gt;=1.000A|&lt;=1.014Q</div> <div class="ics-status"><strong>Product Status:</strong><br />known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br />Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:</p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.co.jp/fa/download/index.html">https://www.mitsubishielectric.co.jp/fa/download/index.html</a></p> <p><strong>Vendor fix</strong><br />Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixed version from the link "https://www.mitsubishielectric.co.jp/fa/download/index.html" (This site is in Japanese) and install it. 
For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf".<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using the PC with the affected product within a LAN and blocking remote logins from untrusted networks, hosts, and users, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), or similar network security controls to prevent unauthorized access and allow only trusted users to remote login when internet access is required, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC with the affected product and the network to which the PC is connected, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends preventing users from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For users who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on the PC with the affected product, to minimize the risk of exploitation of this vulnerability.</p> <p><strong>Mitigation</strong><br />For more information see the associated Mitsubishi Electric security 
advisory 2026-004: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf.<br /><a href="https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf">https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-004_en.pdf</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr /> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS Version</th> <th>Base Score</th> <th>Base Severity</th> <th>Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> <tr> <td>4.0</td> <td>9.3</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H">CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr /> <h2>Acknowledgments</h2> <ul> <li>Mitsubishi Electric reported these vulnerabilities to CISA</li> </ul> <hr /> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr /> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. 
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.</p> <hr /> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-06-30</li> </ul> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>Date</th> <th>Revision</th> <th>Summary</th> </tr> </thead> <tbody> <tr> <td>2026-06-30</td> <td>1</td> <td>Initial Republication of Mitsubishi Electric 2026-004</td> </tr> </tbody> </table>
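
To apply the advisory's affected range (1.000A through 1.014Q, fixed in 1.015R or later) to an asset list, the following added example sorts hosts into affected, fixed, or needing manual review. It is not code from CISA or Mitsubishi Electric. It assumes the numeric part of the version string orders releases and the trailing letter advances with it; the inventory and hostnames are constructed, and how versions are collected from each PC is out of scope.

```python
import re

# Version bounds quoted from the advisory text.
AFFECTED_MIN = "1.000A"
AFFECTED_MAX = "1.014Q"
FIXED_MIN = "1.015R"

# Shape of the version strings shown in the advisory: digits, dot,
# three digits, one letter (for example "1.014Q").
_VERSION_RE = re.compile(r"^(\d+)\.(\d{3})([A-Z])$")


def parse_version(text):
    """Split a version such as '1.014Q' into (major, minor, suffix)."""
    match = _VERSION_RE.match(text.strip().upper())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(match.group(1)), int(match.group(2)), match.group(3)


def _numeric(text):
    # Assumption (not stated in the advisory): releases are ordered by the
    # numeric part; the letter suffix is kept by parse_version for display.
    major, minor, _suffix = parse_version(text)
    return major, minor


def classify(version_text):
    """Return 'affected', 'fixed' or 'review' for one reported version."""
    try:
        version = _numeric(version_text)
    except ValueError:
        return "review"  # malformed or missing: check the host by hand
    if _numeric(AFFECTED_MIN) <= version <= _numeric(AFFECTED_MAX):
        return "affected"
    if version >= _numeric(FIXED_MIN):
        return "fixed"
    return "review"  # below 1.000A: outside what the advisory covers


def triage(inventory):
    """Group (host, version) pairs by status, hosts sorted within a group."""
    report = {"affected": [], "fixed": [], "review": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "1.014Q"),
    ("eng-ws-02", "1.015R"),
    ("eng-ws-03", "1.000A"),
    ("eng-ws-04", "1.009k"),   # lower-case suffix as typed by an operator
    ("eng-ws-05", "unknown"),  # version could not be read
    ("eng-ws-06", "1.020W"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts in the review group are not cleared by this check; confirm their installed version manually before treating them as unaffected.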
