Platform: windows
Component: genesis64
Fixed in: 10.97.4
CVE-2025-14816 describes an Information Disclosure vulnerability discovered in Mitsubishi Electric GENESIS64 and related products. This flaw allows attackers to potentially access sensitive information stored in cleartext within the graphical user interface (GUI). The vulnerability impacts versions 10.97.3 and prior, as well as GENESIS versions 11.02 and prior, and several other Mitsubishi Electric products. Mitigation involves upgrading to a patched version of the software.
The primary impact of CVE-2025-14816 is the exposure of sensitive information. Attackers could exploit this vulnerability to retrieve credentials, configuration details, and other confidential data stored in cleartext within the GUI. This could lead to unauthorized access to systems, data breaches, and potential disruption of operations. The wide range of affected products – including GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, MC Works64, and Iconics Digital Solutions GENESIS64 – significantly expands the potential attack surface. Successful exploitation could allow an attacker to gain a deeper understanding of the industrial control system (ICS) environment and plan further attacks.
CVE-2025-14816 was publicly disclosed on 2026-04-08. The EPSS score is pending evaluation, but the potential for information disclosure in ICS environments warrants careful attention. There are currently no publicly known proof-of-concept exploits available. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2025-14816 is to upgrade to a patched version of the affected software. Mitsubishi Electric has not yet released a specific fixed version, so monitoring their security advisories is crucial. As a temporary workaround, consider restricting access to the GUI and implementing stricter authentication controls. Review network configurations to limit external access to these systems. Implement robust logging and monitoring to detect any suspicious activity related to GUI access. After upgrading, verify the fix by attempting to access sensitive data through the GUI and confirming that it is no longer exposed in cleartext.
Apply the security updates provided by Mitsubishi Electric Corporation to GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64. Refer to the Mitsubishi Electric security advisory (https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf) for detailed instructions and the patched versions.
CVE-2025-14816 is an Information Disclosure vulnerability affecting Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, allowing attackers to potentially access sensitive data stored in cleartext within the GUI.
If you are using Mitsubishi Electric GENESIS64 versions 10.97.3 or earlier, or any of the other affected products (ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, MC Works64, Iconics Digital Solutions GENESIS64), you are potentially affected.
The recommended fix is to upgrade to a patched version of the software. Monitor Mitsubishi Electric's security advisories for the release of a fix.
As of the current disclosure date, there are no publicly known reports of active exploitation of CVE-2025-14816.
Refer to Mitsubishi Electric's official security advisory page for updates and information regarding CVE-2025-14816. Check their website for announcements.