Platform
windows
Component
genesis64
Fixed in
10.97.4
CVE-2025-14816 describes an Information Disclosure vulnerability discovered in Mitsubishi Electric GENESIS64 and related products. This flaw allows attackers to potentially access sensitive information stored in cleartext within the graphical user interface (GUI). The vulnerability impacts versions 10.97.3 and prior, as well as GENESIS versions 11.02 and prior, and several other Mitsubishi Electric products. Mitigation involves upgrading to a patched version of the software.
The primary impact of CVE-2025-14816 is the exposure of sensitive information in cleartext. This could include passwords, configuration data, or other confidential information that could be exploited by attackers. The affected products are widely used in industrial control systems (ICS) and operational technology (OT) environments, making this vulnerability particularly concerning. Successful exploitation could lead to unauthorized access to critical systems, data breaches, and disruption of industrial processes. The broad range of affected products increases the potential attack surface and the overall risk to organizations.
CVE-2025-14816 was published on 2026-04-08. The vulnerability type is Information Disclosure. No public exploits or active campaigns targeting this vulnerability have been reported at the time of publication. It is not currently listed on KEV or EPSS.
Organizations utilizing Mitsubishi Electric GENESIS64 and related products in their industrial control systems are at risk. This includes manufacturing plants, power generation facilities, and other critical infrastructure sectors. Legacy configurations and deployments using older versions of these products are particularly vulnerable, as are environments with limited network segmentation.
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*genesis*'} | Select-Object Name, Id, CPU, WorkingSet
• windows / supply-chain:
# LastRunTime is not a property of Get-ScheduledTask output; it is read from Get-ScheduledTaskInfo
Get-ScheduledTask | Where-Object {$_.TaskName -like '*genesis*'} | Select-Object TaskName, State, @{Name='LastRunTime'; Expression={($_ | Get-ScheduledTaskInfo).LastRunTime}}
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Mitsubishi Electric GENESIS64']]]" -MaxEvents 10
Exploit status
EPSS
0.01% (1% percentile)
CISA SSVC
The primary mitigation for CVE-2025-14816 is to upgrade to the patched versions of the affected products. Mitsubishi Electric has released updates for GENESIS64 versions 11.02 and later, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, and GENESIS. If upgrading is not immediately possible, consider implementing compensating controls such as restricting access to the GUI, monitoring network traffic for suspicious activity, and implementing strong authentication measures. Review and harden system configurations to minimize the potential impact of successful exploitation. After upgrading, verify the fix by examining the GUI and confirming that sensitive information is no longer stored in cleartext.
Apply the security updates provided by Mitsubishi Electric Corporation to GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64. See the Mitsubishi Electric security advisory (https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf) for detailed instructions and the fixed versions.
CVE-2025-14816 is an Information Disclosure vulnerability affecting Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, allowing attackers to potentially access sensitive data stored in cleartext within the GUI.
If you are using Mitsubishi Electric GENESIS64 versions 10.97.3 or earlier, or any of the other affected products (ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, MC Works64, Iconics Digital Solutions GENESIS64), you are potentially affected.
The recommended fix is to upgrade to a patched version of the software. Monitor Mitsubishi Electric's security advisories for the release of a fix.
As of the current disclosure date, there are no publicly known reports of active exploitation of CVE-2025-14816.
Refer to Mitsubishi Electric's official security advisory page for updates and information regarding CVE-2025-14816. Check their website for announcements.