CVE-2025-3699

216.73.217.22

· Published 26/06/2025 23:15 · Modified 27/06/2025 10:15

Labels: CVE-2025-3699 2025-06-26 CVE-2025-3699 CWE-306 [email protected]

Essential information

Published: 26/06/2025 23:15
Modified: 27/06/2025 10:15
Author: —
Creator: —
CVSS: 9.8 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
mitsubishi electric / g-50	`cpe:2.3:a:mitsubishi_electric:g-50:3.37:::::::*`
mitsubishi electric / g-50-w	`cpe:2.3:a:mitsubishi_electric:g-50-w:3.37:::::::*`
mitsubishi electric / g-50a	`cpe:2.3:a:mitsubishi_electric:g-50a:3.37:::::::*`
mitsubishi electric / gb-50	`cpe:2.3:a:mitsubishi_electric:gb-50:3.37:::::::*`
mitsubishi electric / gb-50a	`cpe:2.3:a:mitsubishi_electric:gb-50a:3.37:::::::*`
mitsubishi electric / gb-24a	`cpe:2.3:a:mitsubishi_electric:gb-24a:9.12:::::::*`
mitsubishi electric / g-150ad	`cpe:2.3:a:mitsubishi_electric:g-150ad:3.21:::::::*`
mitsubishi electric / ag-150a-a	`cpe:2.3:a:mitsubishi_electric:ag-150a-a:3.21:::::::*`
mitsubishi electric / ag-150a-j	`cpe:2.3:a:mitsubishi_electric:ag-150a-j:3.21:::::::*`
mitsubishi electric / gb-50ad	`cpe:2.3:a:mitsubishi_electric:gb-50ad:3.21:::::::*`
mitsubishi electric / gb-50ada-a	`cpe:2.3:a:mitsubishi_electric:gb-50ada-a:3.21:::::::*`
mitsubishi electric / gb-50ada-j	`cpe:2.3:a:mitsubishi_electric:gb-50ada-j:3.21:::::::*`
mitsubishi electric / eb-50gu-a	`cpe:2.3:a:mitsubishi_electric:eb-50gu-a:7.11:::::::*`
mitsubishi electric / eb-50gu-j	`cpe:2.3:a:mitsubishi_electric:eb-50gu-j:7.11:::::::*`
mitsubishi electric / ae-200j	`cpe:2.3:a:mitsubishi_electric:ae-200j:8.01:::::::*`
mitsubishi electric / ae-200a	`cpe:2.3:a:mitsubishi_electric:ae-200a:8.01:::::::*`
mitsubishi electric / ae-200e	`cpe:2.3:a:mitsubishi_electric:ae-200e:8.01:::::::*`
mitsubishi electric / ae-50j	`cpe:2.3:a:mitsubishi_electric:ae-50j:8.01:::::::*`
mitsubishi electric / ae-50a	`cpe:2.3:a:mitsubishi_electric:ae-50a:8.01:::::::*`
mitsubishi electric / ae-50e	`cpe:2.3:a:mitsubishi_electric:ae-50e:8.01:::::::*`
mitsubishi electric / ew-50j	`cpe:2.3:a:mitsubishi_electric:ew-50j:8.01:::::::*`
mitsubishi electric / ew-50a	`cpe:2.3:a:mitsubishi_electric:ew-50a:8.01:::::::*`
mitsubishi electric / ew-50e	`cpe:2.3:a:mitsubishi_electric:ew-50e:8.01:::::::*`
mitsubishi electric / te-200a	`cpe:2.3:a:mitsubishi_electric:te-200a:8.01:::::::*`
mitsubishi electric / te-50a	`cpe:2.3:a:mitsubishi_electric:te-50a:8.01:::::::*`
mitsubishi electric / tw-50a	`cpe:2.3:a:mitsubishi_electric:tw-50a:8.01:::::::*`
mitsubishi electric / cms-rmd-j	`cpe:2.3:a:mitsubishi_electric:cms-rmd-j:1.40:::::::*`