ICSA-25-140-04  ·  Published 2026-04-07

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update F)

CVSS 6.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow a local attacker to make an unauthorized write to arbitrary files by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This enables the attacker to destroy the target file on a PC with affected products installed, causing a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for its operation.
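
The write-through-symlink pattern described above, as an added example that is not code from the vendor or the advisory: a naive write that follows a link sitting at its write destination, beside a hardened write that refuses it. It uses POSIX O_NOFOLLOW semantics for illustration; the file names and the temp-directory scenario are constructed.

```python
import os
import stat
import tempfile

def naive_write(path, data):
    # Weak pattern: open() follows a symlink at `path`, so the data lands on the link's target.
    with open(path, "wb") as f:
        f.write(data)

def hardened_write(path, data):
    # O_NOFOLLOW: fail instead of following a symlink in the final path component.
    # (Parent directories must still be writable only by trusted accounts.)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)
        # Check the object actually opened before modifying it: regular file, no extra hard links.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("refusing to write: not a private regular file")
        os.ftruncate(fd, 0)
        os.write(fd, data)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario in a temp dir; returns [(refused, target_bytes), ...] per writer."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "needed_by_pc.cfg")   # stands in for a file the PC needs
        dest = os.path.join(d, "service_output.log")   # hypothetical service write destination
        for writer in (naive_write, hardened_write):
            with open(target, "wb") as f:
                f.write(b"critical")
            if os.path.lexists(dest):
                os.unlink(dest)
            os.symlink(target, dest)                   # link present at the write destination
            try:
                writer(dest, b"log line\n")
                refused = False
            except OSError:
                refused = True
            with open(target, "rb") as f:
                results.append((refused, f.read()))
    return results

if __name__ == "__main__":
    print(demo())
```

The first tuple shows the target file overwritten by the naive write; the second shows the hardened write refused and the target intact.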

CVEs (1)

Remediations

  • Mitsubishi Electric is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX. Please download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads?tabset-a9d51=51905" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf".
  • Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX. Please download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads?tabset-a9d51=51905" and install it. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at "https://iconics.com/about/security/cert".
  • Mitsubishi Electric is releasing fixed version 10.96 or later for IoTWorX. Please download the fixed version from the link "https://iconicsinc.my.site.com/community/s/iconics-software/a375a000004qDU8AAM/iotworx" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf".
  • Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 10.96 or later for IoTWorX. Please download the fixed version from the link "https://iconicsinc.my.site.com/community/s/iconics-software/a375a000004qDU8AAM/iotworx" and install it. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at "https://iconics.com/about/security/cert".
  • Mitsubishi Electric is releasing fixed version 11.01 or later for GENESIS. Please download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf".
  • Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 11.01 or later for GENESIS. Please download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads" and install it. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at "https://iconics.com/about/security/cert".
  • Mitsubishi Electric has no plans to release fixed versions for MC Works64, GENESIS32, and BizViz. For users of MC Works64, GENESIS32, and BizViz, refer to the Mitsubishi Electric security advisory "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf", and take the actions described there.
  • Mitsubishi Electric Iconics Digital Solutions has no plans to release fixed versions for GENESIS32 and BizViz. For users of GENESIS32 and BizViz, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at "https://iconics.com/about/security/cert", and take the actions described there.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend configuring the PCs with the affected product installed so that only an administrator can log in, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend using the PCs with the affected product installed in the LAN and blocking remote login from untrusted networks and hosts, and from non-administrator users, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend blocking unauthorized access by using a firewall, virtual private network (VPN), etc. and allowing remote login only to administrators when internet access is required, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend restricting physical access to the PC with the affected product installed and the network to which the PC is connected, to minimize the risk of exploiting this vulnerability.
  • For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend preventing the user from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploiting this vulnerability.

Affected Vendors

Mitsubishi Electric
Mitsubishi Electric Iconics Digital Solutions

Affected Products (19)

Mitsubishi Electric · GENESIS64 <=10.97.3
Mitsubishi Electric · ICONICS Suite <=10.97.3
Mitsubishi Electric · MobileHMI <=10.97.3
Mitsubishi Electric · Hyper Historian <=10.97.3
Mitsubishi Electric · AnalytiX <=10.97.3
Mitsubishi Electric · IoTWorX 10.95
Mitsubishi Electric · GENESIS32 vers:all/*
Mitsubishi Electric · BizViz vers:all/*
Mitsubishi Electric · GENESIS 11.00
Mitsubishi Electric · MC Works64 vers:all/*
Mitsubishi Electric Iconics Digital Solutions · GENESIS64 <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · ICONICS Suite <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · MobileHMI <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · Hyper Historian <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · AnalytiX <=10.97.3
Mitsubishi Electric Iconics Digital Solutions · IoTWorX 10.95
Mitsubishi Electric Iconics Digital Solutions · GENESIS32 vers:all/*
Mitsubishi Electric Iconics Digital Solutions · BizViz vers:all/*
Mitsubishi Electric Iconics Digital Solutions · GENESIS 11.00

Affected Sectors

Critical Manufacturing
