Mitsubishi Electric has issued an urgent security alert for hundreds of thousands of its air conditioning control systems worldwide after discovering a serious vulnerability that could allow hackers to take over building HVAC networks. The company is urging immediate action to prevent potential attacks on hospitals, data centers, and commercial buildings.
What’s at Risk
The vulnerability affects:
✔ MELSEC iQ-R series controllers (used in large buildings)
✔ CITY MULTI systems with M-NET adapters (common in offices/hotels)
✔ Unpatched devices installed before October 2025
Potential Consequences
Security experts warn hackers could:
- Shut down cooling systems in critical facilities
- Manipulate temperatures to damage sensitive equipment
- Launch ransomware attacks on building networks
What You Need to Do
- Check Your Equipment
  - Verify the controller model and firmware version
  - Isolate vulnerable devices from the main networks
- Install Updates Immediately
  - Patch available at Mitsubishi’s security portal
  - Critical sites should prioritize ICU/hospital units
- Monitor for Suspicious Activity
  - Watch for unusual temperature fluctuations
  - Report any system anomalies
Why This Matters
- Patient Safety: Hospital HVAC systems maintain critical environments
- Business Continuity: Data centers rely on precise temperature control
- Financial Risk: Building operations could be held hostage
Industry Response
Major facility operators are scrambling to patch systems, with reports of:
- Hospitals implementing emergency protocols
- Tech companies conducting vulnerability scans
- Insurance providers reviewing coverage policies
About the Vulnerability
The flaw (CVE-2025-2871) scores 9.1/10 for severity and affects systems globally. Mitsubishi has provided detailed remediation guidance but warns that older devices may require hardware replacement.
Building managers should treat this as a top-priority security issue and complete updates immediately.
For More Information
Visit Mitsubishi Electric’s security advisory portal or contact their technical support team for assistance. Facility operators can also consult cybersecurity experts specializing in industrial control systems.
The company has established a 24/7 hotline for critical infrastructure providers needing immediate assistance.