- Description
- Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
- Source
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- CWE-312
- Hype score
- Not currently trending
三菱電機社GENESIS64、ICONICS SuiteわMobileHMI、Hyper Historian、AnalytiX、MC Works64、GENESISに複数の重大(Critical)な脆弱性。CVE-2025-14815とCVE-2025-14816はCVSSスコア9.3で、それぞれローカルキャッシュ(SQLite)とUIからのSQL Server資格
@__kokumoto
14 Apr 2026
970 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-14815 Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97… https://t.co/TaQgqWZ7ci
@CVEnew
12 Apr 2026
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 Today's Top Vulnerabilities 🔴 CVE-2026-2942 | CVSS 9.8 🔴 CVE-2026-25776 | CVSS 9.3 🔴 CVE-2025-14815 | CVSS 9.3 🔗 https://t.co/MGnNrzO0Nd #CVE #Vulnerability #ThreatIntel
@ctiwatchcloud
9 Apr 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ **Vulnerability Alert:** CISA ICS Advisory: Mitsubishi Electric GENESIS64 and ICONICS Suite products (multiple ICS advisories/updates) 📅 **Timeline:** Disclosure: 2026-04-07, Patch: Multiple (see references) 🆔 **CVE-2025-14815** | 📊 CVSS: 8.8 (HIGH 🟠) | 📈
@syedaquib77
8 Apr 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ **Vulnerability Alert:** Cleartext Storage and Display of SQL Server Credentials in Mitsubishi Electric GENESIS64 and ICONICS Suite (CVE-2025-14815, CVE-2025-14816) 🆔 **CVE-2025-14815** | 📊 CVSS: 8.8 (High 🟠) | 📈 EPSS: N/A% 🆔 **CVE-2025-14816** | 📊 CVSS:
@syedaquib77
7 Apr 2026
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ **Vulnerability Alert:** Plaintext storage of sensitive information in multiple Mitsubishi Electric products (CVE-2025-14815, CVE-2025-14816) 🆔 **CVE-2025-14815** 🆔 **CVE-2025-14816** 🛠️ **Exploit Maturity:** Not Available 📂 **Affected Versions:** GENESIS64
@syedaquib77
7 Apr 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes