CVE-2025-0921

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GENESIS64 all versions Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions Mitsubishi Electric ICONICS Suite all versions Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions Mitsubishi Electric MC Works64 all versions Mitsubishi Electric GENESIS version 11.00 Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 Mitsubishi Electric GENESIS32 all versions Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions Mitsubishi Electric BizViz all versions Mitsubishi Electric Iconics Digital Solutions BizViz all versions Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions prior to 10.97.3

Description An execution with unnecessary privileges issue exists in multiple Mitsubishi Electric products. A local authenticated attacker can perform unauthorized writes to arbitrary files by creating a symbolic link from a file used as a write destination to a target file. This could allow the attacker to destroy files on an affected system, potentially leading to a denial-of-service (DoS) condition if the destroyed file is critical for system operation. The vulnerability impacts the Pager agent of the multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64. Reports indicate this issue could affect critical industrial systems and lead to a DoS attack.

Recommendations Mitsubishi Electric GENESIS64: Update to a version later than 10.97.3. Mitsubishi Electric Iconics Digital Solutions GENESIS64: Update to a version later than 10.97.3. Mitsubishi Electric ICONICS Suite: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric MC Works64: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric GENESIS version 11.00: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric GENESIS32: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric Iconics Digital Solutions GENESIS32: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric BizViz: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mitsubishi Electric Iconics Digital Solutions BizViz: At the moment, there is no information about a newer version that contains a fix for this vulnerability.