


Perceptive Security
SOC/SIEM Consultancy

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
Published:
18 December 2025 at 12:00:00
Alert date:
18 December 2025 at 18:04:12
Source:
cisa.gov
A critical OS command injection vulnerability (CVE-2025-11774) affects Mitsubishi Electric's GENESIS64, ICONICS Suite, MobileHMI, and MC Works64 products. The vulnerability exists in the software keyboard function and could allow attackers to execute arbitrary executable files when legitimate users use the keypad function. Successful exploitation could result in denial-of-service, information tampering, and information disclosure. The vulnerability has a CVSS score of 8.2 (HIGH). Mitsubishi Electric recommends upgrading to GENESIS64 v10.97.3 or higher, or migrating to GENESIS V11. No fix is planned for MC Works64, with users advised to upgrade to GENESIS64.
Technical details
Mitigation steps:
Affected products:
GENESIS64
ICONICS Suite
MobileHMI
MC Works64
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-04
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-04.json
https://nvd.nist.gov/vuln/detail/CVE-2025-11774
https://iconicsinc.my.site.com/community
https://iconicsinc.my.site.com/community/s/software-update/a35QQ000000y2oXYAQ/10973-critical-fixes-rollup-2
https://iconics.com/About/Security/CERT
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-018_en.pdf
https://cwe.mitre.org/data/definitions/78.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.
