CVE-2025-11774

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior Mitsubishi Electric MC Works64 (affected versions not specified)

Description An improper neutralization of special elements used in an OS command ('OS Command Injection') exists in the software keyboard function (referred to as the "keypad function") of the listed products. A local attacker can execute arbitrary executable files (EXE) when a legitimate user utilizes the keypad function by modifying the function's configuration file. Successful exploitation could lead to the disclosure, modification, deletion, or destruction of information stored on the affected PC, or a denial-of-service (DoS) condition. The vulnerability affects the keypad function specifically.

Recommendations Mitsubishi Electric GENESIS64 versions prior to 10.97.2 CFR3 should be updated. Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions prior to 10.97.2 CFR3 should be updated. Mitsubishi Electric ICONICS Suite versions prior to 10.97.2 CFR3 should be updated. Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions prior to 10.97.2 CFR3 should be updated. Mitsubishi Electric MobileHMI versions prior to 10.97.2 CFR3 should be updated. Mitsubishi Electric Iconics Digital Solutions MobileHMI versions prior to 10.97.2 CFR3 should be updated. Mitsubishi Electric MC Works64 (affected versions not specified) should be updated when a fix is available.