AI description
CVE-2025-3699 is a vulnerability affecting Mitsubishi Electric air conditioning systems. It stems from a missing authentication process for critical functions within the affected systems. This vulnerability exists in multiple models, including G-50, AE-200 series, and EW-50 series, specifically impacting versions 3.37 and prior for G-series devices and older versions for AE/EW series devices. Successful exploitation of CVE-2025-3699 could allow an unauthenticated attacker to bypass authentication, illegally control the air conditioning systems, disclose sensitive system information, and potentially tamper with the device firmware. It is recommended to update the firmware to versions newer than 3.37 for G-series devices and 8.01 for AE/EW-series devices.
- Description
- Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
- Source
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- CWE-306
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
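CVE-2025-3699: isn't "no fix planned" awful? If the vulnerability is exploited at a hospital or somewhere like that and the room temperature gets tampered with, people are going to die, you know?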
@Files2jp
28 Jun 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
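CVE-2025-3699: the issue where Mitsubishi air conditioners can be operated from outside. Isn't the bigger problem a configuration in which devices inside the LAN can be accessed from anywhere in the world? Home appliances, copiers and so on, devices used inside a LAN are all default passwo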
@gmkun1
28 Jun 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
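A serious vulnerability (CVE-2025-3699) has been discovered in multiple Mitsubishi Electric air conditioning systems. Because of missing authentication in the web interface, there is a risk of remote operation, information leakage, and firmware tampering. The CVSS score is the highest, 9.8.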
@yousukezan
27 Jun 2025
3117 Impressions
10 Retweets
37 Likes
11 Bookmarks
0 Replies
1 Quote
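[Air conditioner vulnerability] A critical vulnerability in multiple models of Mitsubishi Electric air conditioning systems. CVE-2025-3699 has a CVSSv4 score of 9.3 and is a missing authentication for a critical function. If exploited, it becomes possible to control the air conditioning system.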
@__kokumoto
27 Jun 2025
15303 Impressions
64 Retweets
106 Likes
33 Bookmarks
0 Replies
10 Quotes
🚨 CRITICAL: CVE-2025-3699 in Mitsubishi G-50 HVAC systems allows remote takeover! Patch ASAP to prevent unauthorized access. https://t.co/Sszxcyf3dm #OffSeq #ICS #HVACsecurity https://t.co/duFKOGH5Iv
@offseq
27 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3699: CRITICAL] Critical Missing Authentication vulnerability found in Mitsubishi Electric Corporation's G-50, G-50-W, G-50A, GB-50, GB-50A, GB-24A, G-150AD, and other models allows remote unauthoriz...#cve,CVE-2025-3699,#cybersecurity https://t.co/ewYkhKPoYL https://t.
@CveFindCom
26 Jun 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3699 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version … https://t.co/9Lv39XysDz
@CVEnew
26 Jun 2025
380 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes