ICSA-24-296-01  ·  Published 2026-02-24  ·  Source: CISA ICS-CERT

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could result in disclosure of confidential information, data tampering, or a denial-of-service condition.

CVEs (1)

Remediations

  • Mitsubishi Electric Iconics Digital Solutions GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI: Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric are releasing security updates for GENESIS64 and ICONICS Suite as critical fixes and rollup releases. For more information on these security updates, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities. The most recent version is available at: https://iconicsinc.my.site.com/community/s/login/
  • Mitsubishi Electric GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI: Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric are releasing security updates for GENESIS64 and ICONICS Suite as critical fixes and rollup releases. For more information on these security updates, please refer to the Mitsubishi Electric security advisory. The most recent version is available at: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf.
  • There are no plans to release a security update for MC Works64. Users of MC Works64 should refer to the Mitsubishi Electric security advisory and take the recommended actions outlined in the advisory. The most recent version is available at: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-008_en.pdf
  • For GENESIS32 users, no security patches or fixed versions will be released. Version 9 products have reached the retired stage of the product lifecycle. As outlined in the policy, these versions are no longer monitored for security vulnerabilities and will not receive fixes or patches. Refer to the product lifecycle policy for full details: https://iconics.com/en-us/Lifecycle-Policy
  • Verify that the permissions on the C:\ProgramData\ICONICS folder do not include "Everyone". If the folder includes "Everyone" permission, manually remove "Everyone" from the folder permissions for the C:\ProgramData\ICONICS folder and all folders under it.
  • For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend using a PC with the affected product installed within a LAN and configuring it to block remote logins from untrusted networks, hosts, or users to reduce the risk of exploitation.
  • For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend implementing firewalls, virtual private networks (VPN), and other security measures to prevent unauthorized access, and allowing remote login only for trusted users to reduce the risk of exploitation when PCs with the affected product installed are connected to the Internet.
  • For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the PC running the affected product and its connected network to prevent unauthorized physical access. This measure helps reduce the risk of exploitation.
  • For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend advising users to avoid clicking on links in emails or messages from untrusted sources and to refrain from opening attachments from untrusted emails to reduce the risk of exploitation.
  • For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend installing anti-virus software on the PC running the affected product to reduce the risk of exploitation.
  • For more information, see the associated Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities: https://iconicsinc.my.site.com/community/s/login/
  • For more information, see the associated Mitsubishi Electric security advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf
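
The folder-permission check in the remediation list (no "Everyone" entry on C:\ProgramData\ICONICS or any folder under it) can be scripted. The PowerShell below is an added example, not code from the advisory or the vendor; the function name Find-EveryoneAce and its -Remove switch are hypothetical, the path is the one given above, and S-1-1-0 is the well-known SID for Everyone.

```powershell
# Added example: audit (and optionally fix) "Everyone" ACEs under the ICONICS data folder.
# Find-EveryoneAce is a hypothetical helper name, not a vendor-supplied tool.
function Find-EveryoneAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Root = 'C:\ProgramData\ICONICS',   # path taken from the advisory
        [switch]$Remove                             # also strip explicit Everyone ACEs
    )
    # Well-known SID for "Everyone"; matching on the SID avoids localized group names.
    $everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
    $sidType  = [System.Security.Principal.SecurityIdentifier]

    # The root folder itself plus every folder beneath it, parents before children.
    $folders = @(Get-Item -LiteralPath $Root -Force) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        $acl  = Get-Acl -LiteralPath $folder.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        $hits = @($acl.GetAccessRules($true, $true, $sidType) |
                  Where-Object { $_.IdentityReference.Value -eq $everyone.Value })
        foreach ($ace in $hits) {
            [pscustomobject]@{
                Path      = $folder.FullName
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            }
        }
        # Only explicit ACEs can be removed on this folder; inherited ones
        # disappear once the folder they are inherited from has been fixed.
        $explicit = @($hits | Where-Object { -not $_.IsInherited })
        if ($Remove -and $explicit.Count -gt 0 -and
            $PSCmdlet.ShouldProcess($folder.FullName, 'Remove explicit Everyone ACEs')) {
            $acl.PurgeAccessRules($everyone)
            Set-Acl -LiteralPath $folder.FullName -AclObject $acl
        }
    }
}

# Audit only; an empty result means no folder grants anything to Everyone.
Find-EveryoneAce | Format-Table -AutoSize
```

Run it from an elevated session. `Find-EveryoneAce -Remove -WhatIf` lists the folders that would be changed without modifying them.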

Affected Vendors

Mitsubishi Electric · Mitsubishi Electric Iconics Digital Solutions

Affected Products (13)

Mitsubishi Electric Iconics Digital Solutions · GENESIS64 <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · ICONICS Suite <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · Hyper Historian <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · AnalytiX <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · MobileHMI <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · GENESIS32 <=9.70.300.23
Mitsubishi Electric · GENESIS64 <=10.97.3
Mitsubishi Electric · ICONICS Suite <=10.97.3
Mitsubishi Electric · Hyper Historian <=10.97.3
Mitsubishi Electric · AnalytiX <=10.97.3
Mitsubishi Electric · MobileHMI <=10.97.3
Mitsubishi Electric · GENESIS32 <=9.70.300.23
Mitsubishi Electric · MC Works64 vers:all/*

Affected Sectors

Critical Manufacturing
