OTPulse

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products

CVSS 8.2 · ICS-CERT ICSA-25-352-04 · Dec 18, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Command injection vulnerability in Mitsubishi Electric Iconics GENESIS64, ICONICS Suite, and MobileHMI affecting versions up to 10.97.2_CFR_3. Successful exploitation could allow arbitrary command execution with elevated privileges, leading to denial of service, information tampering, and information disclosure. MC Works64 (all versions) is also affected. The vulnerability requires local user access or physical access and user interaction, such as clicking a malicious link or opening a crafted file.

What this means
What could happen
An attacker with local access to a PC running GENESIS64, ICONICS Suite, or MobileHMI could execute arbitrary commands, causing the HMI system to become unavailable, allowing them to alter displayed data, or exfiltrate sensitive information from the control system environment.
Who's at risk
Energy companies and manufacturing facilities using GENESIS64, ICONICS Suite, or MobileHMI for HMI/SCADA monitoring and control. MC Works64 is also affected with no vendor fix available. These products are commonly deployed on engineering workstations and control room PCs in utility and industrial environments.
How it could be exploited
An attacker with local user credentials or physical access to a workstation running the affected software could trigger command injection through user interaction (e.g., clicking a malicious link or opening a crafted file), leading to arbitrary code execution with escalated privileges. The vulnerability could also be exploited remotely if the attacker first gains initial access to the network and then tricks a user into opening malicious content.
Prerequisites
  • Local user account on the workstation running GENESIS64, ICONICS Suite, or MobileHMI
  • User interaction required (clicking a link or opening an attachment)
  • Alternatively, network access with ability to deliver a payload to the workstation
  • Local privilege escalation required
  • User interaction required
  • Affects HMI/supervisory control systems
  • No fix available for MC Works64
  • CVSS 8.2 (high severity)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
3 with fix, 1 EOL
Product          Affected Versions     Fix Status
GENESIS64        ≤ 10.97.2_CFR_3       10.97.3 or later, or GENESIS V11
ICONICS Suite    ≤ 10.97.2_CFR_3       10.97.3 or later, or GENESIS V11
MobileHMI        ≤ 10.97.2_CFR_3       10.97.3 or later, or GENESIS V11
MC Works64       All versions          No fix (EOL)
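An inventory triage helper for the affected-version table above, added here as an example and not part of the advisory or any vendor tooling. It assumes (my assumption, not something the advisory states) that versions are a dotted base number with an optional "_CFR_<n>" cumulative-fix suffix, and that a CFR build sorts after its bare base version but before the next base version, so 10.97.2 < 10.97.2_CFR_3 < 10.97.3.

```python
import re

# Affected ceilings from the advisory; None means all versions (MC Works64, EOL).
AFFECTED_MAX = {
    "GENESIS64": "10.97.2_CFR_3",
    "ICONICS Suite": "10.97.2_CFR_3",
    "MobileHMI": "10.97.2_CFR_3",
    "MC Works64": None,
}

# Assumed format: dotted base version, optional "_CFR_<n>" cumulative fix suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_CFR_(\d+))?$")

def parse_version(text):
    """'10.97.2_CFR_3' -> ((10, 97, 2), 3); a bare base version gets CFR 0,
    so 10.97.2 < 10.97.2_CFR_3 < 10.97.3 (an assumption about vendor numbering).
    Unparsable strings raise so bad inventory data is not silently classified."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    base = tuple(int(p) for p in m.group(1).split("."))
    return (base, int(m.group(2) or 0))

def is_affected(product, version):
    """True when the product/version pair lies inside the affected range."""
    if product not in AFFECTED_MAX:
        return False  # product not named in this advisory
    ceiling = AFFECTED_MAX[product]
    if ceiling is None:
        return True  # every version affected and no fix available
    return parse_version(version) <= parse_version(ceiling)

def triage(inventory):
    """Return the (host, product, version) entries that still need action."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("hmi-01", "GENESIS64", "10.97.2_CFR_3"),
        ("hmi-02", "GENESIS64", "10.97.3"),
        ("ews-01", "ICONICS Suite", "10.97.1"),
        ("ews-02", "MC Works64", "4.02"),
    ]
    for host, product, version in triage(sample):
        print(f"{host}: {product} {version} is affected")
```

Feed it the product and version strings as reported by your asset inventory; anything that does not match the assumed format raises rather than being classified as safe.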
Remediation & Mitigation
Do now
WORKAROUND: Restrict PC network access to LAN only and block remote login from untrusted networks and hosts
WORKAROUND: Deploy firewall rules to block unauthorized access and restrict remote login to trusted users only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade GENESIS64 to version 10.97.3 or later, or upgrade to GENESIS V11
HOTFIX: Upgrade ICONICS Suite to version 10.97.3 or later, or upgrade to GENESIS V11
HOTFIX: Upgrade MobileHMI to version 10.97.3 or later, or upgrade to GENESIS V11
Mitigations - no patch available
MC Works64 (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: For MC Works64 (no fix available), migrate users to GENESIS64 v10.97.3 or higher as a long-term replacement
HARDENING: Restrict physical access to workstations running affected products and isolate their networks
HARDENING: Deploy antivirus software on all PCs running affected products
HARDENING: Educate users not to click links in emails from untrusted sources and not to open attachments from untrusted emails