Summary
Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system.
The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected:
- GENESIS64 <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- ICONICS Suite <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- MobileHMI <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- Hyper Historian <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- AnalytiX <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- MC Works 64 vers:all/* (CVE-2025-14815, CVE-2025-14816)
- GENESIS <=11.02 (CVE-2025-14815, CVE-2025-14816)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.8 | Mitsubishi Electric | Mitsubishi Electric GENESIS64 and ICONICS Suite products | Cleartext Storage of Sensitive Information, Cleartext Storage of Sensitive Information in GUI |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Mitsubishi Electric Iconics Digital Solutions is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
Vulnerabilities
CVE-2025-14815
When the local caching feature using SQLite is enabled and SQL authentication is used to authenticate to SQL Server, the SQL Server credentials are stored in plaintext within the local SQLite file. This results in a vulnerability due to Cleartext Storage of Sensitive Information (CWE-312), which may lead to information disclosure, tampering, or denial of service (DoS).
Affected Products
- Equipment: Mitsubishi Electric GENESIS64 and ICONICS Suite products
- Vendor: Mitsubishi Electric
- Versions: Mitsubishi Electric GENESIS64: <=10.97.3, Mitsubishi Electric ICONICS Suite: <=10.97.3, Mitsubishi Electric MobileHMI: <=10.97.3, Mitsubishi Electric Hyper Historian: <=10.97.3, Mitsubishi Electric AnalytiX: <=10.97.3, Mitsubishi Electric MC Works 64: vers:all/*, Mitsubishi Electric GENESIS: <=11.02, Mitsubishi Electric Iconics Digital Solutions GENESIS64: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions MobileHMI: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions Hyper Historian: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions AnalytiX: <=10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS: <=11.02
- Status: known_affected
Remediations
Vendor fix
Mitsubishi Electric is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian and AnalytiX. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following steps (1) and (2).
(1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications.
(2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\Cache\*.sdf”.
For more information on the fixed version, refer to the Mitsubishi Electric security advisory at “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf
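One way to verify remediation step (2) on a host, as an added example that is not from the advisory or the vendor: it lists any `*.sdf` files left in the cache directory, flags those containing a credential keyword without printing the value, and can delete them. The `Password=`/`PWD=` keyword pattern and the function names are assumptions; the advisory does not describe the file's internal layout.

```python
import re
from pathlib import Path

# Directory named in remediation step (2) of the advisory.
DEFAULT_CACHE_DIR = Path(r"C:\ProgramData\ICONICS\Cache")

# Assumption: stored SQL authentication details resemble connection-string
# keywords. The advisory does not describe the file's internal layout.
_CRED_KEY = re.compile(rb"(?i)\b(password|pwd)\s*=")


def has_credential_marker(path: Path) -> bool:
    """Report whether a credential keyword occurs; the value is never extracted."""
    # Dropping NUL bytes lets the same pattern match UTF-16LE text.
    data = path.read_bytes().replace(b"\x00", b"")
    return _CRED_KEY.search(data) is not None


def audit_cache(cache_dir: Path = DEFAULT_CACHE_DIR, remove: bool = False) -> list:
    """List leftover *.sdf cache files and optionally delete them (step 2)."""
    findings = []
    if not cache_dir.is_dir():
        return findings
    for f in sorted(p for p in cache_dir.glob("*.sdf") if p.is_file()):
        try:
            marker = has_credential_marker(f)
        except OSError:
            marker = None  # locked or unreadable, but still a leftover file
        entry = {"file": f.name, "size": f.stat().st_size,
                 "cred_marker": marker, "removed": False}
        if remove:
            try:
                f.unlink()
                entry["removed"] = True
            except OSError:
                pass  # file in use: stop the owning service, then re-run
        findings.append(entry)
    return findings


if __name__ == "__main__":
    import sys
    results = audit_cache(remove="--remove" in sys.argv[1:])
    for r in results:
        print(r)
    # Non-zero exit while any cache file remains, so a rollout job can gate on it.
    sys.exit(1 if any(not r["removed"] for r in results) else 0)
```

Run it without arguments to report only, or with `--remove` after step (1) has been completed so the application does not recreate the files.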
Vendor fix
Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian and AnalytiX. Please download the fixed version from the link “ht
[…]