Critical Vulnerabilities in Mitsubishi Electric GENESIS64 and ICONICS Suite

Mitsubishi Electric GENESIS64 and ICONICS Suite versions ≤10.97.3 or ≤11.02 contain two high-severity vulnerabilities (CVE-2025-14815 and CVE-2025-14816) that expose SQL Server credentials in plaintext. Exploitation could lead to data breaches, tampering, or DoS attacks, affecting industrial control systems and OT environments. Immediate patching or mitigation is critical to prevent unauthorized access.

---
title: "Critical Vulnerabilities in Mitsubishi Electric GENESIS64 and ICONICS Suite"
short_title: "Mitsubishi Electric Products Expose SQL Credentials"
description: "High-severity vulnerabilities in Mitsubishi Electric GENESIS64 and ICONICS Suite expose SQL Server credentials, risking data breaches and DoS attacks. Learn mitigation steps now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [mitsubishi-electric, cve-2025-14815, cve-2025-14816, sql-injection, dos]
score: 0.85
cve_ids: [CVE-2025-14815, CVE-2025-14816]
---

TL;DR

Mitsubishi Electric’s GENESIS64 and ICONICS Suite products are affected by two high-severity vulnerabilities (CVE-2025-14815, CVE-2025-14816) that expose SQL Server credentials in plaintext. Exploitation could lead to data breaches, tampering, or denial-of-service (DoS) attacks. Immediate patching or mitigation steps are strongly recommended for all affected versions.

---

Main Content

Introduction

Mitsubishi Electric has disclosed two critical vulnerabilities in its GENESIS64 and ICONICS Suite products, which could allow local attackers to expose sensitive SQL Server credentials. These flaws, tracked as CVE-2025-14815 and CVE-2025-14816, stem from plaintext storage of credentials in local files and GUI interfaces, respectively. Organizations using affected versions are urged to apply patches or follow mitigation guidance to prevent potential data breaches, tampering, or DoS conditions.

---

Key Points

- Affected Products: GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, MC Works 64, and GENESIS (versions ≤10.97.3 or ≤11.02).
- Vulnerabilities:
- CVE-2025-14815: SQL Server credentials stored in plaintext in local SQLite files when local caching is enabled.
- CVE-2025-14816: SQL Server credentials displayed in plaintext in the GUI via the Hyper Historian Splitter feature.
- CVSS Score: 8.8 (High) for both vulnerabilities, indicating significant risk.
- Impact: Successful exploitation could lead to unauthorized data access, tampering, or system disruption.
- Mitigation: Apply patches (v10.98+ or v11.03+), disable local caching, or implement recommended security measures.

---

Technical Details

#### CVE-2025-14815: Cleartext Storage of Sensitive Information
When the local caching feature in Mitsubishi Electric’s products is enabled and SQL authentication is used, SQL Server credentials are stored in plaintext within local SQLite files. This vulnerability (CWE-312) allows local attackers to extract credentials, potentially leading to unauthorized data access, tampering, or DoS attacks.

Affected Files:
- `C:\ProgramData\ICONICS\Cache\*.sdf` (for versions ≤10.97.3)
- `C:\ProgramData\ICONICS\11\Cache\*.sqlite3` (for versions ≤11.02)

---

#### CVE-2025-14816: Cleartext Storage in GUI
In the Hyper Historian Splitter feature, SQL Server credentials are displayed in plaintext within the GUI when SQL authentication is used. This flaw (CWE-317) exposes credentials to attackers with access to the interface, enabling information disclosure, tampering, or DoS attacks.

---

Impact Assessment

The vulnerabilities pose a high risk to organizations in critical manufacturing sectors, where Mitsubishi Electric’s products are widely deployed. Exploitation could result in:
- Data Breaches: Unauthorized access to sensitive operational or corporate data.
- System Tampering: Modification or destruction of critical data.
- Denial-of-Service (DoS): Disruption of industrial processes or operations.
- Lateral Movement: Attackers could use exposed credentials to move within networks, escalating privileges.

---

Mitigation Steps

#### Immediate Actions
1. Apply Patches:
- Upgrade to v10.98+ for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX.
- Upgrade to v11.03+ for GENESIS.
- Download patches from [Mitsubishi Electric’s official portal](https://iconicsinc.my.site.com/community/s/resource-center/product-downloads).

2. Disable Local Caching:
- In Workbench, open the “Configure Application(s) Settings” dialog.
- Uncheck the “Local Cache” column for all applications.

3. Delete Cached Files:
- Remove files from:
- `C:\ProgramData\ICONICS\Cache\*.sdf` (for versions ≤10.97.3)
- `C:\ProgramData\ICONICS\11\Cache\*.sqlite3` (for versions ≤11.02)

4. For MC Works 64 (No Fix Planned):
- Follow mitigation steps outlined in [Mitsubishi Electric’s security advisory](https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf).

---

#### Additional Security Measures
- Use Windows Authentication: Replace SQL authentication with Windows authentication where possible.
- Restrict Access: Configure systems to allow only administrator logins.
- Network Isolation: Use affected products within LANs and block remote access from untrusted networks.
- Firewall/VPN: Implement firewalls or VPNs to block unauthorized access.
- Physical Security: Restrict physical access to systems running affected products.
- User Training: Educate users to avoid clicking on suspicious links or attachments.

---

Affected Systems

The following Mitsubishi Electric and ICONICS Suite products are affected:

| Product | Affected Versions | Vulnerabilities |
|---------------------------|----------------------------|----------------------------------------|
| GENESIS64 | ≤10.97.3 | CVE-2025-14815, CVE-2025-14816 |
| ICONICS Suite | ≤10.97.3 | CVE-2025-14815, CVE-2025-14816 |
| MobileHMI | ≤10.97.3 | CVE-2025-14815, CVE-2025-14816 |
| Hyper Historian | ≤10.97.3 | CVE-2025-14815, CVE-2025-14816 |
| AnalytiX | ≤10.97.3 | CVE-2025-14815, CVE-2025-14816 |
| MC Works 64 | All versions | CVE-2025-14815, CVE-2025-14816 |
| GENESIS | ≤11.02 | CVE-2025-14815, CVE-2025-14816 |

---

Conclusion

The vulnerabilities in Mitsubishi Electric’s GENESIS64 and ICONICS Suite products highlight the critical importance of secure credential storage and access control in industrial environments. Organizations must act swiftly to apply patches or implement mitigations to prevent exploitation. Given the high CVSS score (8.8) and potential for data breaches or operational disruption, this advisory should be treated as a priority.

For further details, refer to:
- [Mitsubishi Electric’s Security Advisory](https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf)
- [ICONICS Security Resources](https://iconics.com/about/security/cert)

---

References

[^1]: CISA. "[ICSA-26-097-01 Mitsubishi Electric GENESIS64 and ICONICS Suite Products](https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01)". Retrieved 2025-01-24.
[^2]: Mitsubishi Electric. "[Security Advisory 2025-023](https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf)". Retrieved 2025-01-24.
[^3]: ICONICS. "[Security Certifications and Best Practices](https://iconics.com/about/security/cert)". Retrieved 2025-01-24.