BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·57d ago

Mitsubishi Electric GENESIS64 and ICONICS Suite products

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-097-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system. /strong /p p The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected: /p ul li GENESIS64 lt;=10.97.3 (CVE-2025-14815, CVE-2025-14816) /li li ICONICS Suite lt;=10.97.3 (CVE-2025-14815, CVE-2025-14816) /li li MobileHMI lt;=10.97.3 (CVE-2025-14815, CVE-2025-14816) /li li Hyper Historian lt;=10.97.3 (CVE-2025-14815, CVE-2025-14816) /li li AnalytiX lt;=10.97.3 (CVE-2025-14815, CVE-2025-14816) /li li MC Works 64 vers:all/* (CVE-2025-14815, CVE-2025-14816) /li li GENESIS lt;=11.02 (CVE-2025-14815, CVE-2025-14816) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.8 /td td Mitsubishi Electric /td td Mitsubishi Electric GENESIS64 and ICONICS Suite products /td td Cleartext Storage of Sensitive Information, Cleartext Storage of Sensitive Information in GUI /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Mitsubishi Electric Iconics Digital Solutions is headquartered in the United States. Mitsubishi Electric is headquartered in Japan. /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-14815 /a /h3 div class="csaf-accordion-content" p When the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication, the SQL Server credentials are stored in plaintext within the local SQLite file. This results in a vulnerability due to Cleartext Storage of Sensitive Information (CWE 312), which may lead to information disclosure, tampering, or denial of service (DoS). /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-14815" View CVE Details /a /p hr h4 Affected Products /h4 h5 Mitsubishi Electric GENESIS64 and ICONICS Suite products /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Mitsubishi Electric /div div class="ics-version" strong Product Version: /strong br Mitsubishi Electric GENESIS64: lt;=10.97.3, Mitsubishi Electric ICONICS Suite: lt;=10.97.3, Mitsubishi Electric MobileHMI: lt;=10.97.3, Mitsubishi Elec

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin