Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products

Action: Plan Patch | CVSS 8.2 | ICS-CERT ICSA-25-352-04 | Dec 18, 2025
Mitsubishi Electric | ICONICS | Energy | Manufacturing
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

A command injection vulnerability exists in Mitsubishi Electric ICONICS GENESIS64, ICONICS Suite, MobileHMI, and MC Works64 that allows local users with valid credentials to execute arbitrary system commands on the workstation. The vulnerability is triggered through user interaction with the affected application (such as clicking a malicious link or opening a crafted file). Successful exploitation could result in denial-of-service, information disclosure, and manipulation of data on the compromised workstation. MC Works64 has no planned fix; users are advised to upgrade to GENESIS64 v10.97.3 or higher.

What this means
What could happen
An attacker with local access and user-level credentials could execute arbitrary commands on engineering workstations running GENESIS64, ICONICS Suite, or MobileHMI, potentially altering process parameters, stopping production, or accessing sensitive plant configuration data.
Who's at risk
Energy and manufacturing facilities operating ICONICS GENESIS64, ICONICS Suite, or MobileHMI on engineering workstations should treat this as a risk to plant supervisory systems and HMI interfaces. Any PC running these products that allows remote access or sits on a networked infrastructure could be compromised. MC Works64 users have no patch available and should prioritize migration. Manufacturing plants, power distribution control centers, and water utilities that use these products for SCADA or process monitoring are at risk.
How it could be exploited
An attacker with local user access on a PC running one of the affected products could trigger arbitrary command execution through a malicious interaction with the application (such as a crafted input or file). The attack requires the user to interact with the application, but once executed, allows the attacker to run system commands with the privileges of the logged-in user, potentially escalating to system-level access.
Prerequisites
  • Local or physical access to the affected workstation
  • Valid user account credentials on the workstation
  • User interaction (user clicks malicious link or opens crafted file)
  • Affected software (GENESIS64 versions ≤10.97.2_CFR_3, ICONICS Suite ≤10.97.2_CFR_3, or MobileHMI ≤10.97.2_CFR_3) installed and running
  • requires local or physical access
  • requires user interaction
  • affects supervisory and HMI systems
  • no patch available for MC Works64
  • command execution possible on engineering workstations
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
3 with fix, 1 EOL

Product          Affected Versions     Fix Status
GENESIS64        <= 10.97.2 CFR 3      10.97.3+, or GENESIS V11
ICONICS Suite    <= 10.97.2 CFR 3      10.97.3+, or GENESIS V11
MobileHMI        <= 10.97.2 CFR 3      10.97.3+, or GENESIS V11
MC Works64       All versions          No fix (EOL)
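As an added example (not code from the OTPulse advisory or from Mitsubishi Electric), the following Python helper parses the version format used in the table above (e.g. "10.97.2_CFR_3") and classifies inventory entries against the advisory's fix boundary, so an asset sweep can flag affected, fixed and EOL installs. The inventory, hostnames and the ordering of CFR suffixes are assumptions.

```python
# Added example (not part of the OTPulse advisory): triage helper that
# parses the version format used in the advisory table (e.g. "10.97.2_CFR_3")
# and checks inventory entries against the advisory's fix boundary.
import re

# Assumption: the CFR suffix numbers successive fix releases within one
# patch level, so 10.97.2 < 10.97.2_CFR_1 < 10.97.2_CFR_3 < 10.97.3.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[ _]?CFR[ _]?(\d+))?$", re.IGNORECASE)

LAST_AFFECTED = "10.97.2_CFR_3"          # upper bound from the advisory table
PATCHED_PRODUCTS = {"GENESIS64", "ICONICS Suite", "MobileHMI"}
EOL_PRODUCTS = {"MC Works64"}            # vendor will not release a fix


def parse_version(text):
    """Normalise '10.97.2_CFR_3' / '10.97.2 CFR 3' / '10.97.3' to a comparable tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ICONICS version string: {text!r}")
    major, minor, patch, cfr = m.groups()
    return (int(major), int(minor), int(patch), int(cfr) if cfr else 0)


def assess(product, version):
    """Classify one inventory row as 'eol', 'affected', 'fixed' or 'not-listed'."""
    if product in EOL_PRODUCTS:
        return "eol"
    if product not in PATCHED_PRODUCTS:
        return "not-listed"
    if parse_version(version) <= parse_version(LAST_AFFECTED):
        return "affected"
    return "fixed"


# Constructed sample inventory; hostnames and installed versions are made up.
INVENTORY = [
    ("EWS-01", "GENESIS64", "10.97.2 CFR 3"),
    ("EWS-02", "GENESIS64", "10.97.3"),
    ("HMI-07", "MobileHMI", "10.97.1"),
    ("LEGACY-3", "MC Works64", "10.95.1"),
]


def triage(inventory):
    """Return (host, product, version, status) for every row, worst status first."""
    order = {"eol": 0, "affected": 1, "not-listed": 2, "fixed": 3}
    rows = [(h, p, v, assess(p, v)) for h, p, v in inventory]
    return sorted(rows, key=lambda r: order[r[3]])


if __name__ == "__main__":
    for host, product, version, status in triage(INVENTORY):
        print(f"{host:10} {product:14} {version:16} {status}")
```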
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to PCs running affected products: block remote login from untrusted networks and allow only trusted users to log in remotely
WORKAROUND: Implement firewall rules or VPN to control and restrict remote access to engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update GENESIS64 to version 10.97.3 or later, or upgrade to GENESIS V11
HOTFIX: Update ICONICS Suite to version 10.97.3 or later, or upgrade to GENESIS V11
HOTFIX: Update MobileHMI to version 10.97.3 or later, or upgrade to GENESIS V11
Mitigations - no patch available
MC Works64 (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: For MC Works64 (no patch available), migrate to GENESIS64 version 10.97.3 or higher
HARDENING: Restrict physical access to PCs and networks where the affected products are installed
HARDENING: Install and maintain antivirus software on all PCs running the affected products