CWE-78 Improper Neutralization of Special Elements used in an OS Command: A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of-service condition on the product.

Mitsubishi Electric Europe B.V. recommends that users take note of the following mitigation measures to minimize the risk of exploitation of this vulnerability:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Use a web application firewall (WAF) to filter, monitor and block any malicious HTTP/HTTPS traffic.
- Allow web client access from trusted networks only.

Claroty is a New York-based cybersecurity platform that provides solutions including threat detection and network protection for sectors such as industrial and healthcare.