Platform: windows
Component: genesis64
Fixed version: 10.97.4
CVE-2025-14815 describes an Information Disclosure vulnerability discovered in several Mitsubishi Electric products, including GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX. This vulnerability allows attackers to potentially access sensitive information stored in cleartext. Affected versions include GENESIS64 versions 10.97.3 and prior, and GENESIS versions 11.02 and prior. Mitigation involves upgrading to a patched version of the software.
The primary impact of CVE-2025-14815 is the exposure of sensitive information. Attackers could potentially gain access to usernames, passwords, configuration files, and other confidential data stored in cleartext within the affected systems. This could lead to unauthorized access to industrial control systems (ICS), data breaches, and disruption of operations. The cleartext storage of credentials is particularly concerning, as it could enable attackers to escalate privileges and move laterally within the network. The scope of potential impact is broad, given the widespread use of Mitsubishi Electric's industrial automation products across various sectors.
CVE-2025-14815 was publicly disclosed on 2026-04-08. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not currently available, but the cleartext storage nature of the vulnerability makes it likely that exploits will be developed. The potential for widespread impact across industrial control systems warrants close monitoring.
Organizations utilizing Mitsubishi Electric's GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX products, particularly those with legacy configurations or those operating in critical infrastructure sectors, are at significant risk. Shared hosting environments utilizing these products also face increased exposure due to the potential for cross-tenant vulnerabilities.
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*GENESIS*'} | Format-List TaskName, State
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*genesis*'} | Format-List ProcessName, Id, CPU
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Mitsubishi Electric']]]" | Format-List TimeCreated, Message
Exploitation status
EPSS: 0.01% (1st percentile)
CISA SSVC
The primary mitigation for CVE-2025-14815 is to upgrade to a patched version of the affected software. Mitsubishi Electric has not yet released a fixed version, so immediate action is required. As an interim measure, consider segmenting the network to limit the potential impact of a breach. Implement strict access controls and monitor for unusual activity. Review and strengthen password policies to minimize the risk of credential compromise. Until a patch is available, regularly audit configurations and data storage practices to identify and remediate any other instances of cleartext storage. After upgrading, verify the fix by attempting to access the previously exposed sensitive information; it should no longer be accessible.
Upgrade GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64 to a version later than 10.97.3, or to a version later than 11.02 for GENESIS. Ensure that access to the SQLite database is restricted to authorized users, and disable the SQLite caching feature if it is not needed. Review and strengthen security policies to prevent unauthorized access to the systems.
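One way to check the SQLite access restriction recommended above, as an added example that is not from Mitsubishi Electric or the original page: the script lists SQLite files whose NTFS ACL lets broad Windows groups read them. The directory path, the file extensions and the function name Get-BroadReadAce are assumptions, since the page does not say where the database is stored.

```powershell
# Added example (not vendor code): list SQLite files readable by broad groups.
# $Root is a placeholder; the page does not give the real data directory.
param(
    [string]$Root = 'C:\PLACEHOLDER\ProductDataDir',
    # Assumed SQLite file extensions; adjust to what is actually on disk.
    [string[]]$Extensions = @('.db', '.sqlite', '.sqlite3')
)

# Well-known SIDs of broad groups that should not read a cleartext data store.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# The ReadData bit is what allows reading file contents.
$ReadMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Resolve identities to SIDs so localized group names do not hide a match.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $canRead = (([int]$rule.FileSystemRights -band $ReadMask) -ne 0)
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and $canRead) {
            [pscustomobject]@{
                File      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Warning "Path not found: $Root (pass -Root with the real data directory)"
    return
}

Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension } |
    ForEach-Object { Get-BroadReadAce -Path $_.FullName } |
    Format-Table -AutoSize
```

An empty result means none of the three broad groups holds an Allow entry with read access on the files found; rows marked Inherited point at a parent folder ACL that needs tightening rather than the file itself.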
CVE-2025-14815 is an Information Disclosure vulnerability affecting Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, allowing potential access to sensitive data stored in cleartext.
You are affected if you are using GENESIS64 versions 10.97.3 and prior, or GENESIS versions 11.02 and prior. Other Mitsubishi Electric products are also affected.
Upgrade to a patched version of the software as soon as it becomes available from Mitsubishi Electric. Until then, implement network segmentation and access controls.
While no active exploitation has been confirmed, the cleartext storage nature of the vulnerability makes it a likely target for attackers.
Refer to the Mitsubishi Electric website for official security advisories and updates regarding CVE-2025-14815.