Mitsubishi Electric SmartRTU OS Command Injection Vulnerability Allowing Information Manipulation and Denial-of-Service

Vulnerability

A remotely exploitable, unauthenticated OS command injection vulnerability has been identified in Mitsubishi Electric smartRTU versions through 3.37. It allows attackers who have bypassed authentication to execute arbitrary operating system commands. Exploitation could lead to unauthorized disclosure, modification, destruction, or deletion of information within the smartRTU system. It could also cause a denial-of-service condition on the product.

Impact

Exploitation of this vulnerability could result in unauthorized OS command execution, allowing attackers to manipulate or delete information in the smartRTU system or cause a denial-of-service condition.

Remediation

Users are advised to update to the latest firmware version 3.37. For additional guidance, refer to the Mitsubishi Electric Europe PSIRT vulnerability report MEU_PSIRT_2025-3128.

Added: Aug 21, 2025, 8:30 PM
Updated: Aug 21, 2025, 8:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 5.9
remediation: 7.9
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.