Mitsubishi Electric Iconics Digital Solutions Multiple Products (Update A)
Monitor | CVSS 5.9 | ICS-CERT ICSA-25-217-01 | Aug 5, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
A vulnerability in Mitsubishi Electric ICONICS Digital Solutions products (GENESIS, GENESIS64, MC Works64) allows an attacker with low-level local user account access and user interaction to tamper with information stored on the affected system. GENESIS version 11.00 is affected; GENESIS64 and MC Works64 are vulnerable in all versions. The CVSS score is 5.9 (medium), and the vulnerability is not currently actively exploited.
What this means
What could happen
An attacker with local access and low privileges could modify data or system information on the host running GENESIS or GENESIS64, potentially corrupting operational data or control parameters.
Who's at risk
Energy sector operators running Mitsubishi Electric ICONICS products should assess this vulnerability. It affects GENESIS (version 11.00), GENESIS64 (all versions), and MC Works64 (all versions), which are commonly used in power generation, distribution control, and energy management systems. Organizations using these HMI/SCADA platforms need to track patch availability and restrict local access to critical systems.
How it could be exploited
An attacker with a local user account on the machine running GENESIS or GENESIS64 could manipulate file permissions or system resources to alter information stored by the application. The attack requires user interaction (UI:R in CVSS) and local system access—it is not remotely exploitable.
Prerequisites
- Local user account on the system running GENESIS, GENESIS64, or MC Works64
- Low privilege level (non-administrator)
- User interaction required (e.g., user must perform an action that triggers the vulnerability)
- no patch available for GENESIS64 and MC Works64
- requires local system access
- information tampering risk
- affects operational data integrity
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3)
2 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| MC Works64: vers:all/* | All versions | No fix (EOL) |
| GENESIS64: vers:all/* | All versions | 11.01 |
| GENESIS: 11.00 | 11.00 | 11.01 |
Remediation & Mitigation
Do now
WORKAROUND: For GENESIS64 and MC Works64: Monitor vendor communications for patch availability; contact Mitsubishi Electric Iconics Digital Solutions Support for upgrade timeline and interim mitigation options
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Upgrade GENESIS from version 11.00 to version 11.01 or later
Mitigations - no patch available
MC Works64: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict local system access to GENESIS and GENESIS64 hosts to authorized personnel only; apply principle of least privilege to user accounts on these systems
CVEs (1)