ICSA-25-352-04 · Published 2025-12-18
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
CVSS 8.2
HIGH
Risk Summary
Successful exploitation of this vulnerability could result in denial-of-service (DoS), information tampering, and information disclosure.
CVEs (1)
Remediations
- Mitsubishi Electric Iconics Digital Solutions recommends that users of GENESIS64, ICONICS Suite, or MobileHMI upgrade to GENESIS64 v10.97.3 or higher, or to the latest product, GENESIS V11, all of which contain the fix for this vulnerability.
- Version 10.97.3 can be downloaded by accessing the Community Portal (https://iconicsinc.my.site.com/community) and navigating to "Resources > Product Downloads > 10.97.3."
- The latest patch version for GENESIS64 Version 10.97.3 can be downloaded from: https://iconicsinc.my.site.com/community/s/software-update/a35QQ000000y2oXYAQ/10973-critical-fixes-rollup-2
- There are no plans to release a fixed version of MC Works64. Mitsubishi Electric recommends that users of MC Works64 upgrade to GENESIS64 v10.97.3 or higher.
- Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend that users take the following mitigations to minimize the risk of exploitation of this vulnerability:
  - Use the PCs with the affected product installed within the LAN, and block remote login from untrusted networks, hosts, and users.
  - When connecting the PCs with the affected product installed to the Internet, block unauthorized access by using a firewall, virtual private network (VPN), etc., and allow remote login only to trusted users.
  - Restrict physical access to the PC with the affected product installed, and to the network to which the PC is connected, to prevent unauthorized physical access.
  - Do not click web links in emails from untrusted sources. Also, do not open attachments in untrusted emails.
  - Install antivirus software on the PC with the affected product installed.
- Refer to the Mitsubishi Electric Iconics Digital Solutions Whitepaper on Security Vulnerabilities, the most recent version of which can be found at: https://iconics.com/About/Security/CERT
- Refer to the Mitsubishi Electric security advisory at: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-018_en.pdf for information on the availability of the security updates.
Affected Vendors
Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric
Affected Products (4)
- GENESIS64 (Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric): <=10.97.2_CFR_3
- ICONICS Suite (Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric): <=10.97.2_CFR_3
- MobileHMI (Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric): <=10.97.2_CFR_3
- MC Works64 (Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric): vers:all/*
Affected Sectors
Critical Manufacturing