Platform: windows
Component: genesis64
Fixed in: 10.97.4
CVE-2025-14815 describes an Information Disclosure vulnerability discovered in several Mitsubishi Electric products, including GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX. This vulnerability allows attackers to potentially access sensitive information stored in cleartext. Affected versions include GENESIS64 versions 10.97.3 and prior, and GENESIS versions 11.02 and prior. Mitigation involves upgrading to a patched version of the software.
The primary impact of CVE-2025-14815 is the exposure of sensitive information. Attackers could potentially gain access to usernames, passwords, configuration files, and other confidential data stored in cleartext within the affected systems. This could lead to unauthorized access to industrial control systems (ICS), data breaches, and disruption of operations. The cleartext storage of credentials is particularly concerning, as it could enable attackers to escalate privileges and move laterally within the network. The scope of potential impact is broad, given the widespread use of Mitsubishi Electric's industrial automation products across various sectors.
CVE-2025-14815 was publicly disclosed on 2026-04-08. The vulnerability is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are not currently available, but because the flaw is cleartext storage of sensitive data, exploits are likely to be developed. The potential for widespread impact across industrial control systems warrants close monitoring.
Exploit status: EPSS 0.01% (1% percentile)
The primary mitigation for CVE-2025-14815 is to upgrade to a patched version of the affected software. Mitsubishi Electric has not yet released a fixed version, so immediate action is required. As an interim measure, consider segmenting the network to limit the potential impact of a breach. Implement strict access controls and monitor for unusual activity. Review and strengthen password policies to minimize the risk of credential compromise. Until a patch is available, regularly audit configurations and data storage practices to identify and remediate any other instances of cleartext storage. After upgrading, verify the fix by attempting to access the previously exposed sensitive information; it should no longer be accessible.
Update GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64 to a version later than 10.97.3, or later than 11.02 for GENESIS. Restrict access to the SQLite database to authorized users, and disable the SQLite caching feature if it is not required. Review and strengthen security policies to prevent unauthorized access to systems.
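An added example, not code from Mitsubishi Electric or from this page: one way to run the storage audit described above against a SQLite file, flagging credential-like columns whose values are not hashed. The table and column names, the name heuristics and the sample rows are constructed for illustration; the product's actual cache schema is not given here.

```python
import hashlib
import re
import sqlite3

# Column names that usually hold secrets (heuristic chosen for this example).
SECRET_NAME = re.compile(r"pass(word|wd)?|pwd|secret|token|api_?key", re.I)
# Hashed shapes: modular-crypt/PHC strings or hex digests of 40/64/128 chars.
HASHED_VALUE = re.compile(
    r"^(\$[a-z0-9-]+\$.+|[0-9a-f]{40}|[0-9a-f]{64}|[0-9a-f]{128})$", re.I)

def quote_ident(name):
    """Quote a table or column name so it is safe to place in SQL text."""
    return '"' + name.replace('"', '""') + '"'

def audit_cleartext(conn):
    """Return sorted (table, column, cleartext_rows, total_rows); counts only."""
    findings = []
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for info in conn.execute(f"PRAGMA table_info({quote_ident(table)})").fetchall():
            column = info[1]
            if not SECRET_NAME.search(column):
                continue
            qc, qt = quote_ident(column), quote_ident(table)
            values = [row[0] for row in conn.execute(
                f"SELECT {qc} FROM {qt} WHERE {qc} IS NOT NULL AND {qc} != ''")]
            clear = sum(1 for v in values
                        if isinstance(v, str) and not HASHED_VALUE.match(v))
            if clear:
                findings.append((table, column, clear, len(values)))
    return sorted(findings)

def build_sample_cache():
    """Constructed in-memory sample; the schema is invented, not the product's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cached_logins (user TEXT, password TEXT)")
    conn.executemany("INSERT INTO cached_logins VALUES (?, ?)", [
        ("operator1", "Summer2025!"),                               # cleartext
        ("operator2", hashlib.sha256(b"constructed").hexdigest()),  # hashed
    ])
    conn.execute("CREATE TABLE service_accounts (name TEXT, pwd_hash TEXT)")
    conn.execute("INSERT INTO service_accounts VALUES ('svc', ?)",
                 ("$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA",))
    conn.execute("CREATE TABLE tag_cache (tag TEXT, value REAL)")
    return conn

if __name__ == "__main__":
    print(audit_cleartext(build_sample_cache()))
```

The check is a heuristic: it separates cleartext from hashed values without judging hash strength, and a text column holding encoded ciphertext would be flagged for manual review.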
CVE-2025-14815 is an Information Disclosure vulnerability affecting Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, allowing potential access to sensitive data stored in cleartext.
You are affected if you are using GENESIS64 versions 10.97.3 and prior, or GENESIS versions 11.02 and prior. Other Mitsubishi Electric products are also affected.
Upgrade to a patched version of the software as soon as it becomes available from Mitsubishi Electric. Until then, implement network segmentation and access controls.
While no active exploitation has been confirmed, the fact that the data is stored in cleartext makes the vulnerability a likely target for attackers.
Refer to the Mitsubishi Electric website for official security advisories and updates regarding CVE-2025-14815.