Search criteria
2 vulnerabilities found for GB-50 by Mitsubishi Electric Corporation
CVE-2025-3699 (GCVE-0-2025-3699)
Vulnerability from cvelistv5 – Published: 2025-06-26 22:40 – Updated: 2025-07-01 19:24
VLAI?
Summary
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T19:23:59.612308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T19:24:14.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "G-50",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G-50-W",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-24A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.12 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G-150AD",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AG-150A-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AG-150A-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50AD",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50ADA-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50ADA-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EB-50GU-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.7.11 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EB-50GU-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.7.11 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-200J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-200A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-200E",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-50J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-50E",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EW-50J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EW-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EW-50E",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TE-200A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TE-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TW-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-RMD-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.40 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."
}
],
"value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T09:12:26.106Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU96471539/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2025-3699",
"datePublished": "2025-06-26T22:40:37.915Z",
"dateReserved": "2025-04-16T04:10:19.080Z",
"dateUpdated": "2025-07-01T19:24:14.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3699 (GCVE-0-2025-3699)
Vulnerability from nvd – Published: 2025-06-26 22:40 – Updated: 2025-07-01 19:24
VLAI?
Summary
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mitsubishi Electric Corporation | G-50 |
Affected:
Ver.3.37 and prior
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T19:23:59.612308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T19:24:14.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "G-50",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G-50-W",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.37 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-24A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.12 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G-150AD",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AG-150A-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AG-150A-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50AD",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50ADA-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GB-50ADA-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.3.21 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EB-50GU-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.7.11 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EB-50GU-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.7.11 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-200J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-200A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-200E",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-50J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AE-50E",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EW-50J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EW-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EW-50E",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TE-200A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TE-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TW-50A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.8.01 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-RMD-J",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.40 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."
}
],
"value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T09:12:26.106Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU96471539/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2025-3699",
"datePublished": "2025-06-26T22:40:37.915Z",
"dateReserved": "2025-04-16T04:10:19.080Z",
"dateUpdated": "2025-07-01T19:24:14.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}