A newly disclosed flaw in Mitsubishi Electric’s Iconics Suite SCADA platform, tracked as CVE-2025-0921, exposes critical industrial environments to denial-of-service attacks by abusing privileged file system operations in Windows-based engineering workstations. Rated with a CVSS score of 6.5, the vulnerability affects GENESIS64 deployments on Microsoft Windows versions 10.97.2 and earlier and could be combined with other weaknesses to corrupt essential system binaries and halt operations.
Researchers from Unit 42 discovered CVE-2025-0921 during an assessment of Iconics Suite, following an earlier set of five vulnerabilities they reported in versions 10.97.3 and below that enabled privilege escalation and system disruption. The latest bug resides in the way multiple Iconics services perform file system operations with elevated privileges, creating an opportunity for attackers with local, non‑admin access to direct these operations toward sensitive files. In industrial sectors such as automotive, energy and manufacturing, where Iconics SCADA is used to monitor and control processes, such misuse could severely impact system integrity and availability.
The core issue is a privileged file system operations vulnerability centered on the Pager Agent component of AlarmWorX6
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: