
CVE-2025-7405: CWE-306 Missing Authentication for Critical Function in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES

High
Tags: Vulnerability, CVE-2025-7405, cve, cve-2025-7405, cwe-306
Published: Mon Sep 01 2025 (09/01/2025, 03:54:47 UTC)
Source: CVE Database V5
Vendor/Project: Mitsubishi Electric Corporation
Product: MELSEC iQ-F Series FX5U-32MT/ES

Description

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not have authentication features.

AI-Powered Analysis

Last updated: 09/08/2025, 06:46:47 UTC

Technical Analysis

CVE-2025-7405 is a high-severity vulnerability affecting Mitsubishi Electric Corporation's MELSEC iQ-F Series FX5U-32MT/ES CPU modules, specifically versions 1.060 and later. The core issue is a Missing Authentication for Critical Function (CWE-306) in the MODBUS/TCP implementation used by these devices. MODBUS/TCP is a widely used industrial communication protocol for supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs).

In this case, the protocol lacks any authentication mechanism, allowing remote unauthenticated attackers to connect to the device over the network and perform unauthorized read and write operations on device values. This includes the ability to stop running programs on the PLC, effectively disrupting industrial processes controlled by the device. The vulnerability is exploitable remotely without any user interaction or prior authentication, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N).

The impact spans confidentiality, integrity, and availability, as attackers can both read sensitive device data and alter operational parameters, potentially causing physical process disruptions or safety hazards. Although no known exploits are currently reported in the wild, the ease of exploitation and critical nature of the functions exposed make this a significant threat to industrial environments relying on these PLCs. The absence of authentication in MODBUS/TCP communications is a fundamental security flaw that undermines trust in the device's operational security. Given the critical role of these PLCs in automation and control systems, exploitation could lead to operational downtime, safety incidents, or damage to equipment.

Potential Impact

For European organizations, especially those in manufacturing, energy, utilities, and critical infrastructure sectors, this vulnerability poses a substantial risk. The ability for an unauthenticated attacker to remotely manipulate PLC operations could lead to production halts, safety system failures, or physical damage to machinery. Confidentiality breaches could expose sensitive operational data, while integrity violations could alter process parameters, causing unsafe or suboptimal operations. Availability impacts could disrupt supply chains and critical services. Given Europe's strong industrial base and reliance on automation, exploitation could have cascading effects on economic activities and public safety. Organizations operating MELSEC iQ-F Series PLCs must consider the potential for targeted attacks, especially in environments where network segmentation or monitoring is insufficient. The lack of authentication also increases the risk from insider threats or lateral movement by attackers who gain initial network access.

Mitigation Recommendations

1. Network Segmentation: Isolate MELSEC iQ-F Series PLCs on dedicated, secure network segments with strict access controls to limit exposure to untrusted networks.
2. Implement Firewalls and Access Control Lists (ACLs): Restrict MODBUS/TCP traffic to only trusted management stations and supervisory systems.
3. Use VPNs or Encrypted Tunnels: Where remote access is necessary, employ secure VPNs or encrypted communication channels to protect MODBUS/TCP traffic and add authentication layers.
4. Monitor Network Traffic: Deploy intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous MODBUS/TCP activity indicative of unauthorized access attempts.
5. Vendor Coordination: Engage with Mitsubishi Electric for firmware updates or patches addressing this vulnerability; if none are available, request timelines and interim mitigations.
6. Implement Application Whitelisting and Process Monitoring: Detect unauthorized changes or stoppage of PLC programs.
7. Conduct Regular Security Audits: Verify that no unauthorized devices or users have access to the control network.
8. Incident Response Planning: Prepare for potential exploitation scenarios with clear procedures to isolate affected devices and restore safe operations.
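
A sketch of the allowlisting and monitoring in items 2 and 4, as an added example that is not part of the original advisory or any vendor tooling: it parses the MBAP header of MODBUS/TCP requests and flags every request from a host outside an allowlist, treating the standard write function codes as higher severity. The trusted addresses and the sample frames are constructed for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Standard Modbus function codes that modify device state.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
    0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers",
}

# Assumption: hosts allowed to talk MODBUS/TCP to the PLC (constructed values).
TRUSTED_SOURCES = [ip_network("10.10.20.5/32"), ip_network("10.10.20.6/32")]


def parse_adu(payload: bytes):
    """Parse one MODBUS/TCP request ADU; return None if it is not valid."""
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol ID is always 0; the length field counts unit id + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "function": payload[7]}


def classify(src_ip: str, payload: bytes) -> str:
    """Return an alert level for one request seen on the MODBUS/TCP port."""
    adu = parse_adu(payload)
    if adu is None:
        return "malformed"
    trusted = any(ip_address(src_ip) in net for net in TRUSTED_SOURCES)
    is_write = adu["function"] in WRITE_FUNCTIONS
    if not trusted:
        # No protocol-level authentication exists, so source is the only signal.
        return "alert-untrusted-write" if is_write else "alert-untrusted-read"
    return "audit-write" if is_write else "ok"


# Constructed sample requests: (source IP, raw TCP payload).
SAMPLES = [
    ("10.10.20.5", bytes.fromhex("000100000006010300000002")),  # read registers
    ("10.10.20.5", bytes.fromhex("00020000000601060001002a")),  # write register
    ("192.0.2.44", bytes.fromhex("000300000006010300000002")),  # read, unknown host
    ("192.0.2.44", bytes.fromhex("0004000000060105000aff00")),  # write, unknown host
    ("192.0.2.44", bytes.fromhex("0005000100060103")),          # bad protocol id
]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        print(src, classify(src, raw))
```

Because the protocol carries no identity, the source address is only as trustworthy as the network segment it arrives on, which is why this check complements segmentation rather than replacing it.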


Technical Details

Data Version: 5.1
Assigner Short Name: Mitsubishi
Date Reserved: 2025-07-10T05:59:41.803Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68b51adfad5a09ad00c81c5f

Added to database: 9/1/2025, 4:02:39 AM

Last enriched: 9/8/2025, 6:46:47 AM

Last updated: 10/17/2025, 12:22:00 AM
