    26 vulnerabilities found for ICONICS Suite by Mitsubishi Electric Corporation

    CVE-2025-14816 (GCVE-0-2025-14816)

    Vulnerability from nvd – Published: 2026-04-08 13:23 – Updated: 2026-04-08 16:04
    Title
    Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
    Summary
    Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, and potentially cause a denial-of-service (DoS) condition on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-317 - Cleartext Storage of Sensitive Information in GUI
    Impacted products
    Vendor | Product | Version
    Mitsubishi Electric Corporation | GENESIS64 | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | ICONICS Suite | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | MobileHMI | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | MobileHMI | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | Hyper Historian | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | Hyper Historian | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | AnalytiX | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | AnalytiX | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | GENESIS | Affected: versions 11.02 and prior
    Mitsubishi Electric Iconics Digital Solutions | GENESIS | Affected: versions 11.02 and prior
    Mitsubishi Electric Corporation | MC Works64 | Affected: all versions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T16:04:20.566011Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T16:04:26.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
                }
              ],
              "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Tampering, and Denial-of-Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-317",
                  "description": "CWE-317 Cleartext Storage of Sensitive Information in GUI",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:23:41.344Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU90646130/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-14816",
        "datePublished": "2026-04-08T13:23:41.344Z",
        "dateReserved": "2025-12-17T02:11:38.277Z",
        "dateUpdated": "2026-04-08T16:04:26.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14815 (GCVE-0-2025-14815)

    Vulnerability from nvd – Published: 2026-04-08 13:15 – Updated: 2026-04-08 16:03
    Title
    Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
    Summary
    Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, and potentially cause a denial-of-service (DoS) condition on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Impacted products
    Vendor | Product | Version
    Mitsubishi Electric Corporation | GENESIS64 | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | ICONICS Suite | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | MobileHMI | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | MobileHMI | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | Hyper Historian | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | Hyper Historian | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | AnalytiX | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | AnalytiX | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | GENESIS | Affected: versions 11.02 and prior
    Mitsubishi Electric Iconics Digital Solutions | GENESIS | Affected: versions 11.02 and prior
    Mitsubishi Electric Corporation | MC Works64 | Affected: all versions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T16:03:37.502980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T16:03:44.001Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
                }
              ],
              "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Tampering, and Denial-of-Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:20:28.394Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU90646130/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-14815",
        "datePublished": "2026-04-08T13:15:30.168Z",
        "dateReserved": "2025-12-17T01:59:30.824Z",
        "dateUpdated": "2026-04-08T16:03:44.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11774 (GCVE-0-2025-11774)

    Vulnerability from nvd – Published: 2025-12-19 00:22 – Updated: 2025-12-19 19:08
    Title
    Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T19:08:06.554691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T19:08:14.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in the software keyboard function (hereinafter referred to as \"keypad function\") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE."
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in the software keyboard function (hereinafter referred to as \"keypad function\") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T00:22:03.528Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU97729686/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-018_en.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-11774",
        "datePublished": "2025-12-19T00:22:03.528Z",
        "dateReserved": "2025-10-15T02:40:54.345Z",
        "dateUpdated": "2025-12-19T19:08:14.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7376 (GCVE-0-2025-7376)

    Vulnerability from nvd – Published: 2025-08-06 06:28 – Updated: 2026-04-09 05:10
    Title
    Information Tampering Vulnerability in Multiple Processes of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, and GENESIS
    Summary
    Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-64 - Windows Shortcut Following (.LNK)
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Mitsubishi Electric Corporation GENESIS Affected: version 11.00
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: version 11.00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-07T14:11:34.071248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-07T14:11:44.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
                }
              ],
              "value": "Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-64",
                  "description": "CWE-64 Windows Shortcut Following (.LNK)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T05:10:54.864Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU96364629"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-009_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Tampering Vulnerability in Multiple Processes of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, and GENESIS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-7376",
        "datePublished": "2025-08-06T06:28:41.185Z",
        "dateReserved": "2025-07-09T02:02:37.759Z",
        "dateUpdated": "2026-04-09T05:10:54.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0921 (GCVE-0-2025-0921)

    Vulnerability from nvd – Published: 2025-05-15 22:36 – Updated: 2026-04-13 23:06
    Title
    Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz
    Summary
    Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Mitsubishi Electric Corporation BizViz Affected: all versions
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Mitsubishi Electric Corporation GENESIS Affected: version 11.00
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: all versions
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: version 11.00
    Credits
    Asher Davila from Palo Alto Networks; Malav Vyas from Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-16T13:21:49.388730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-16T13:21:55.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila from Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas from Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
                }
              ],
              "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T23:06:00.161Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93838985"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-0921",
        "datePublished": "2025-05-15T22:36:37.902Z",
        "dateReserved": "2025-01-31T01:50:57.976Z",
        "dateUpdated": "2026-04-13T23:06:00.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9852 (GCVE-0-2024-9852)

    Vulnerability from nvd – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    iconics genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    mitsubishielectric genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    mitsubishielectric mc_works64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
    Credits
    Asher Davila of Palo Alto Networks; Malav Vyas of Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:39:20.927830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:43:35.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:38:42.201Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-9852",
        "datePublished": "2024-11-28T22:20:28.303Z",
        "dateReserved": "2024-10-11T01:20:49.722Z",
        "dateUpdated": "2026-04-08T13:38:42.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8300 (GCVE-0-2024-8300)

    Vulnerability from nvd – Published: 2024-11-28 22:18 – Updated: 2026-01-09 07:52
    Title
    Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite
    Summary
    Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Mitsubishi Electric Corporation ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    iconics genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    mitsubishielectric genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Credits
    Asher Davila of Palo Alto Networks; Malav Vyas of Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:50:37.535229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:53:27.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-561",
                  "description": "CWE-561 Dead Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T07:52:13.107Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8300",
        "datePublished": "2024-11-28T22:18:28.358Z",
        "dateReserved": "2024-08-29T06:26:41.397Z",
        "dateUpdated": "2026-01-09T07:52:13.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8299 (GCVE-0-2024-8299)

    Vulnerability from nvd – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Credits
    Asher Davila of Palo Alto Networks; Malav Vyas of Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T16:37:52.677330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T16:40:42.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:35:35.670Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8299",
        "datePublished": "2024-11-28T22:16:31.396Z",
        "dateReserved": "2024-08-29T06:26:34.979Z",
        "dateUpdated": "2026-04-08T13:35:35.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7587 (GCVE-0-2024-7587)

    Vulnerability from nvd – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46
    Title
    Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
    Summary
    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "10.97.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:49.960141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:50:04.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:46:11.126Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95548104"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-7587",
        "datePublished": "2024-10-22T22:19:20.646Z",
        "dateReserved": "2024-08-07T08:06:04.877Z",
        "dateUpdated": "2026-01-09T05:46:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1574 (GCVE-0-2024-1574)

    Vulnerability from nvd – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
    Summary
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
    Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
    Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:44:19.238774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:45:36.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:31:05.753Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1574",
        "datePublished": "2024-07-04T09:02:35.260Z",
        "dateReserved": "2024-02-16T01:30:45.960Z",
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1573 (GCVE-0-2024-1573)

    Vulnerability from nvd – Published: 2024-07-04 08:59 – Updated: 2026-04-13 22:47
    Summary
    Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) "Automatic log in" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONICS Suite, and MC Works64 Security and has permission to log in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:46:51.356597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:46:55.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T22:47:17.575Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1573",
        "datePublished": "2024-07-04T08:59:44.079Z",
        "dateReserved": "2024-02-16T01:30:41.285Z",
        "dateUpdated": "2026-04-13T22:47:17.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1182 (GCVE-0-2024-1182)

    Vulnerability from nvd – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:23:47.078975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:25:49.496Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:28:11.189Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1182",
        "datePublished": "2024-07-04T08:53:41.217Z",
        "dateReserved": "2024-02-02T00:20:48.886Z",
        "dateUpdated": "2026-04-08T13:28:11.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-23130 (GCVE-0-2022-23130)

    Vulnerability from nvd – Published: 2022-01-21 18:17 – Updated: 2026-01-08 11:45
    Summary
    Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.00A to 4.04E"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T11:45:13.985Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-23130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
                              },
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97 and prior"
                              },
                              {
                                "version_value": "ICONICS Hyper Historian versions 10.97 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-23130",
        "datePublished": "2022-01-21T18:17:30.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2026-01-08T11:45:13.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14816 (GCVE-0-2025-14816)

    Vulnerability from cvelistv5 – Published: 2026-04-08 13:23 – Updated: 2026-04-08 16:04
    Title
    Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
    Summary
    Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-317 - Cleartext Storage of Sensitive Information in GUI
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation GENESIS Affected: versions 11.02 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: versions 11.02 and prior
    Mitsubishi Electric Corporation MC Works64 Affected: all versions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T16:04:20.566011Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T16:04:26.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
                }
              ],
              "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Tampering, and Denial-of-Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-317",
                  "description": "CWE-317 Cleartext Storage of Sensitive Information in GUI",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:23:41.344Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU90646130/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-14816",
        "datePublished": "2026-04-08T13:23:41.344Z",
        "dateReserved": "2025-12-17T02:11:38.277Z",
        "dateUpdated": "2026-04-08T16:04:26.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14815 (GCVE-0-2025-14815)

    Vulnerability from cvelistv5 – Published: 2026-04-08 13:15 – Updated: 2026-04-08 16:03
    Title
    Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
    Summary
    Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation GENESIS Affected: versions 11.02 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: versions 11.02 and prior
    Mitsubishi Electric Corporation MC Works64 Affected: all versions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T16:03:37.502980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T16:03:44.001Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 11.02 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
                }
              ],
              "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Tampering, and Denial-of-Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:20:28.394Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU90646130/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-14815",
        "datePublished": "2026-04-08T13:15:30.168Z",
        "dateReserved": "2025-12-17T01:59:30.824Z",
        "dateUpdated": "2026-04-08T16:03:44.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11774 (GCVE-0-2025-11774)

    Vulnerability from cvelistv5 – Published: 2025-12-19 00:22 – Updated: 2025-12-19 19:08
    VLAI
    Title
    Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T19:08:06.554691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T19:08:14.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in the software keyboard function (hereinafter referred to as \"keypad function\") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE."
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in the software keyboard function (hereinafter referred to as \"keypad function\") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T00:22:03.528Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU97729686/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-018_en.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-11774",
        "datePublished": "2025-12-19T00:22:03.528Z",
        "dateReserved": "2025-10-15T02:40:54.345Z",
        "dateUpdated": "2025-12-19T19:08:14.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7376 (GCVE-0-2025-7376)

    Vulnerability from cvelistv5 – Published: 2025-08-06 06:28 – Updated: 2026-04-09 05:10
    VLAI
    Title
    Information Tampering Vulnerability in Multiple Processes of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, and GENESIS
    Summary
    Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-64 - Windows Shortcut Following (.LNK)
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Mitsubishi Electric Corporation GENESIS Affected: version 11.00
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: version 11.00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-07T14:11:34.071248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-07T14:11:44.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
                }
              ],
              "value": "Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-64",
                  "description": "CWE-64 Windows Shortcut Following (.LNK)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T05:10:54.864Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU96364629"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-009_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Tampering Vulnerability in Multiple Processes of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, and GENESIS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-7376",
        "datePublished": "2025-08-06T06:28:41.185Z",
        "dateReserved": "2025-07-09T02:02:37.759Z",
        "dateUpdated": "2026-04-09T05:10:54.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0921 (GCVE-0-2025-0921)

    Vulnerability from cvelistv5 – Published: 2025-05-15 22:36 – Updated: 2026-04-13 23:06
    VLAI
    Title
    Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz
    Summary
    Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Mitsubishi Electric Corporation BizViz Affected: all versions
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Mitsubishi Electric Corporation GENESIS Affected: version 11.00
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: all versions
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: version 11.00
    Credits
    Asher Davila from Palo Alto Networks; Malav Vyas from Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-16T13:21:49.388730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-16T13:21:55.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila from Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas from Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
                }
              ],
              "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T23:06:00.161Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93838985"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-0921",
        "datePublished": "2025-05-15T22:36:37.902Z",
        "dateReserved": "2025-01-31T01:50:57.976Z",
        "dateUpdated": "2026-04-13T23:06:00.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9852 (GCVE-0-2024-9852)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Impacted products
    Vendor | Product | Version
    Mitsubishi Electric Corporation | GENESIS64 | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | ICONICS Suite | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | Hyper Historian | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Corporation | GENESIS32 | Affected: all versions
    Mitsubishi Electric Corporation | MC Works64 | Affected: all versions
    Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | Hyper Historian | Affected: versions 10.97.3 and prior
    Mitsubishi Electric Iconics Digital Solutions | GENESIS32 | Affected: all versions
    iconics | genesis64 | Affected: 0 , < * (custom)
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    mitsubishielectric | genesis64 | Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    mitsubishielectric | mc_works64 | Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
    Credits
    Asher Davila of Palo Alto Networks; Malav Vyas of Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:39:20.927830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:43:35.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:38:42.201Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-9852",
        "datePublished": "2024-11-28T22:20:28.303Z",
        "dateReserved": "2024-10-11T01:20:49.722Z",
        "dateUpdated": "2026-04-08T13:38:42.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8300 (GCVE-0-2024-8300)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:18 – Updated: 2026-01-09 07:52
    Title
    Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite
    Summary
    Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Mitsubishi Electric Corporation ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    iconics genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    mitsubishielectric genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Credits
    Asher Davila of Palo Alto Networks; Malav Vyas of Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:50:37.535229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:53:27.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-561",
                  "description": "CWE-561 Dead Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T07:52:13.107Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8300",
        "datePublished": "2024-11-28T22:18:28.358Z",
        "dateReserved": "2024-08-29T06:26:41.397Z",
        "dateUpdated": "2026-01-09T07:52:13.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8299 (GCVE-0-2024-8299)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Credits
    Asher Davila of Palo Alto Networks; Malav Vyas of Palo Alto Networks

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T16:37:52.677330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T16:40:42.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:35:35.670Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8299",
        "datePublished": "2024-11-28T22:16:31.396Z",
        "dateReserved": "2024-08-29T06:26:34.979Z",
        "dateUpdated": "2026-04-08T13:35:35.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7587 (GCVE-0-2024-7587)

    Vulnerability from cvelistv5 – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46
    Title
    Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
    Summary
    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "10.97.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:49.960141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:50:04.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:46:11.126Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95548104"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-7587",
        "datePublished": "2024-10-22T22:19:20.646Z",
        "dateReserved": "2024-08-07T08:06:04.877Z",
        "dateUpdated": "2026-01-09T05:46:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1574 (GCVE-0-2024-1574)

    Vulnerability from cvelistv5 – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
    VLAI
    Summary
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
    Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
    Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:44:19.238774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:45:36.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:31:05.753Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1574",
        "datePublished": "2024-07-04T09:02:35.260Z",
        "dateReserved": "2024-02-16T01:30:45.960Z",
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1573 (GCVE-0-2024-1573)

    Vulnerability from cvelistv5 – Published: 2024-07-04 08:59 – Updated: 2026-04-13 22:47
    VLAI
    Summary
    Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) "Automatic log in" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONICS Suite, and MC Works64 Security and has permission to log in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:46:51.356597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:46:55.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T22:47:17.575Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1573",
        "datePublished": "2024-07-04T08:59:44.079Z",
        "dateReserved": "2024-02-16T01:30:41.285Z",
        "dateUpdated": "2026-04-13T22:47:17.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1182 (GCVE-0-2024-1182)

    Vulnerability from cvelistv5 – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:23:47.078975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:25:49.496Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:28:11.189Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1182",
        "datePublished": "2024-07-04T08:53:41.217Z",
        "dateReserved": "2024-02-02T00:20:48.886Z",
        "dateUpdated": "2026-04-08T13:28:11.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-23130 (GCVE-0-2022-23130)

    Vulnerability from cvelistv5 – Published: 2022-01-21 18:17 – Updated: 2026-01-08 11:45
    Summary
    Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.00A to 4.04E"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T11:45:13.985Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-23130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
                              },
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97 and prior"
                              },
                              {
                                "version_value": "ICONICS Hyper Historian versions 10.97 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-23130",
        "datePublished": "2022-01-21T18:17:30.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2026-01-08T11:45:13.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }