Key Information Vulnerability ID JVNVD#96620683 Vulnerability Description A Denial of Service (DoS) vulnerability exists in the Ethernet functionality of Mitsubishi Electric's FA products. Affected Systems CC-Link IE TSN Remote I/O Unit CC-Link IE TSN Analog-Digital Conversion Unit CC-Link IE TSN Digital-Analog Conversion Unit CC-Link IE TSN FPGA Unit CC-Link IE TSN Remote Station Communication LSI CP620 with Built-in Ghe-PHY MELSEC iQ-R Series CC-Link IE TSN Master/Local Unit MELSEC iQ-R Series Ethernet Interface Unit CC-Link IE TSN Master/Local Station Communication LSI CP610 Detailed Information A Denial of Service (DoS) vulnerability caused by insufficient validation of input data quantity (CVE-1204, CVE-2025-3511) exists. Potential Impact Receiving maliciously crafted UDP packets may cause the affected products to enter a Denial of Service (DoS) state. Recovery requires restarting the affected product. Mitigation Measures Update - Update firmware or sample code for CP620 to the patched version. Workarounds - When connecting affected products to the internet, use firewalls or Virtual Private Networks (VPNs) to prevent unauthorized access. - Use affected products within a LAN and block access from untrusted networks, hosts, or users. - Restrict physical access to affected products and PCs that can connect to them. Reference Information 1. ICS Advisory - Mitsubishi Electric CC-Link IE TSN Update History 2025/10/09: Updated [Affected Systems], [Detailed Information], [Potential Impact], and [Mitigation Measures]