# Plaintext Credential Storage Plagues Mitsubishi Electric GENESIS64 and ICONICS Suite Products
Multiple vulnerabilities have been discovered in **Mitsubishi Electric**'s GENESIS64 and ICONICS Suite products, stemming from the storage of SQL Server credentials in plaintext. Successful exploitation could allow attackers to disclose, tamper with, or destroy data, or cause a denial-of-service (DoS) condition.
## Vulnerabilities Expose SQL Server Credentials in Mitsubishi Electric Products
Two critical vulnerabilities have been identified in **Mitsubishi Electric**'s **GENESIS64** and **ICONICS Suite** product lines, potentially impacting industrial control systems worldwide. These flaws, detailed in a recent advisory, could allow local attackers to gain unauthorized access to sensitive data and disrupt operations.
### Affected Products
The following versions are affected:
* GENESIS64 <=10.97.3 (**CVE-2025-14815**, **CVE-2025-14816**)
* ICONICS Suite <=10.97.3 (**CVE-2025-14815**, **CVE-2025-14816**)
* MobileHMI <=10.97.3 (**CVE-2025-14815**, **CVE-2025-14816**)
* Hyper Historian <=10.97.3 (**CVE-2025-14815**, **CVE-2025-14816**)
* AnalytiX <=10.97.3 (**CVE-2025-14815**, **CVE-2025-14816**)
* MC Works 64, all versions (**CVE-2025-14815**, **CVE-2025-14816**)
* GENESIS <=11.02 (**CVE-2025-14815**, **CVE-2025-14816**)
### Technical Details
The vulnerabilities are:
* **CVE-2025-14815**: When the local caching feature using SQLite is enabled and SQL authentication is used to connect to SQL Server, the SQL Server credentials are stored in plaintext within the local SQLite file. This is Cleartext Storage of Sensitive Information (**CWE-312**) and may lead to information disclosure, tampering, or denial of service (DoS).
* **CVE-2025-14816**: In the Hyper Historian Splitter feature of the affected products, when SQL authentication is used to connect to SQL Server, the SQL Server credentials are displayed in plaintext in the GUI. This is Cleartext Storage of Sensitive Information in GUI (**CWE-317**) and may lead to information disclosure, tampering, or denial of service (DoS).
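An audit check for the CVE-2025-14815 condition, added here as an example and not taken from the advisory or the vendor: it walks every table of a SQLite file and reports cells holding a SQL-authentication connection string, without echoing the password. The connection-string format and the sample table and column names are assumptions, since the advisory does not describe the cache file's layout.

```python
import re
import sqlite3

# Assumption: a stored secret looks like an ADO.NET-style connection string
# with a "Password="/"Pwd=" key. The advisory does not give the real layout.
PASSWORD_KEY = re.compile(r"(?i)(?:^|;)\s*(?:password|pwd)\s*=\s*([^;]+)")
USER_KEY = re.compile(r"(?i)(?:^|;)\s*(?:user\s*id|uid)\s*=\s*([^;]+)")


def find_plaintext_credentials(conn):
    """Return (table, column, row_number, user) for each cell that holds a
    SQL-auth connection string. The password is never returned or printed."""
    conn.text_factory = lambda raw: raw.decode("utf-8", errors="ignore")
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'  # quote the identifier
        cursor = conn.execute(f"SELECT * FROM {quoted}")
        columns = [d[0] for d in cursor.description]
        for row_number, row in enumerate(cursor, start=1):
            for column, value in zip(columns, row):
                if isinstance(value, bytes):  # BLOB cells may hold text too
                    value = value.decode("utf-8", errors="ignore")
                if not isinstance(value, str) or not PASSWORD_KEY.search(value):
                    continue
                user = USER_KEY.search(value)
                findings.append((table, column, row_number,
                                 user.group(1).strip() if user else None))
    return findings


def build_sample_cache():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cache_settings (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO cache_settings VALUES (?, ?)", [
        ("source", "Server=db01;Database=hist;User ID=svc_hh;Password=Example-Only-1"),
        ("trusted", "Server=db01;Database=hist;Integrated Security=SSPI"),
        ("refresh_seconds", "30"),
    ])
    return conn


if __name__ == "__main__":
    for table, column, row, user in find_plaintext_credentials(build_sample_cache()):
        print(f"plaintext SQL credential: {table}.{column} row={row} user={user}")
```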
### Impact
Successful exploitation of these vulnerabilities could allow a local attacker to:
* Disclose SQL Server credentials.
* Disclose, tamper with, or destroy data.
* Cause a denial-of-service (DoS) condition on the system.
### Mitigation
**CISA** recommends users take the following defensive measures to minimize the risk of exploitation:
* Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
* Locate control system networks and remote devices behind firewalls and isolate them from business networks.
* When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize that a VPN is only as secure as its connected devices.
* Perform proper impact analysis and risk assessment prior to deploying defensive measures.
**Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.**