Mitsubishi Electric GENESIS64 and ICONICS Suite products

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-26-097-01 | Apr 7, 2026
Mitsubishi Electric | ICONICS | Energy | Manufacturing
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple Mitsubishi Electric ICONICS and GENESIS HMI products store SQL Server credentials in plaintext in local cache files accessible to local users. These weaknesses, CWE-312 (Cleartext Storage of Sensitive Information) and CWE-317 (Cleartext Storage in GUI), allow a local attacker with user-level privileges to read the credentials from C:\ProgramData\ICONICS\Cache\*.sdf files. Once obtained, the attacker can use the credentials to connect to the backend SQL Server database and disclose, modify, or delete operational data, or cause denial-of-service conditions on the database server.

What this means
What could happen
A local attacker with limited user privileges could extract SQL Server credentials stored by these products, then use those credentials to read, modify, or delete data in connected databases, or crash the SQL Server instance.
Who's at risk
Energy and manufacturing facilities using Mitsubishi Electric GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, or GENESIS HMI platforms should be concerned. These products are commonly used to display and manage process data from PLCs and other equipment. Facilities running MC Works 64 are also affected, but no patch will be available.
How it could be exploited
An attacker with local access to a Windows system running GENESIS64, ICONICS Suite, or related products can access unencrypted SQL Server credentials stored in the local cache files. With these credentials, they can connect directly to the SQL Server database to steal or corrupt operational data, or deny service by shutting down the database.
Prerequisites
  • Local user account on the system running affected products
  • Windows file system access to C:\ProgramData\ICONICS\Cache\ directory
  • Low complexity attack
  • Local access required
  • Affects database integrity and availability
  • MC Works 64 has no patch planned
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (7)
6 with fix, 1 EOL
Product | Affected Versions | Fix Status
GENESIS64 | ≤ 10.97.3 | Fix available
ICONICS Suite | ≤ 10.97.3 | Fix available
MobileHMI | ≤ 10.97.3 | Fix available
Hyper Historian | ≤ 10.97.3 | Fix available
AnalytiX | ≤ 10.97.3 | Fix available
MC Works 64 | All versions | No fix (EOL)
GENESIS | ≤ 11.02 | Fix available
Remediation & Mitigation
Do now
WORKAROUND: After patching, disable Local Cache by unchecking the 'Local Cache' column for all applications in Workbench's Configure Application(s) Settings dialog
WORKAROUND: Delete existing local cache files at C:\ProgramData\ICONICS\Cache\*.sdf
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

GENESIS64
HOTFIX: Update GENESIS64 to version 10.98 or later
ICONICS Suite
HOTFIX: Update ICONICS Suite to version 10.98 or later
MobileHMI
HOTFIX: Update MobileHMI to version 10.98 or later
Hyper Historian
HOTFIX: Update Hyper Historian to version 10.98 or later
AnalytiX
HOTFIX: Update AnalytiX to version 10.98 or later
GENESIS
HOTFIX: Update GENESIS to version 11.03 or later
Mitigations - no patch available
MC Works 64 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict local user account access to the C:\ProgramData\ICONICS\Cache\ directory using Windows file permissions
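
To verify the cache-file workaround and the file-permission hardening above, the following PowerShell audit lists any leftover *.sdf cache files and every non-administrative principal that can still read them. It is an added example, not vendor or advisory code; it assumes the default cache path given in this advisory, and the function name Get-IconicsCacheExposure is hypothetical.

```powershell
# Added example (not vendor code): audit read access to the ICONICS local cache.
# Assumption: the cache is at the default path named in the advisory.
function Get-IconicsCacheExposure {
    [CmdletBinding()]
    param(
        [string]$CachePath = 'C:\ProgramData\ICONICS\Cache'
    )

    if (-not (Test-Path -LiteralPath $CachePath)) {
        Write-Verbose "Cache directory not found: $CachePath"
        return
    }

    # Well-known SIDs treated as administrative: SYSTEM and BUILTIN\Administrators.
    $adminSids = 'S-1-5-18', 'S-1-5-32-544'
    $readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    # Check the directory itself plus each cache file directly inside it.
    $targets = @(Get-Item -LiteralPath $CachePath) +
               @(Get-ChildItem -LiteralPath $CachePath -Filter '*.sdf' -File)

    foreach ($item in $targets) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            # Only Allow entries that include the read-data / list-directory bit.
            # Inherit-only entries expressed as generic rights are not evaluated here.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $readData) -eq 0) { continue }

            # Compare by SID so localized group names do not matter.
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $ace.IdentityReference.Value
            }
            if ($adminSids -contains $sid) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-IconicsCacheExposure -Verbose | Format-Table -AutoSize
```

Run it from an elevated session so the ACLs can be read. Each output row is a principal outside SYSTEM and Administrators that can read the cache directory or a remaining .sdf file.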