AI description
CVE-2025-14816 is a "Cleartext Storage of Sensitive Information in GUI" vulnerability impacting several Mitsubishi Electric industrial control system (ICS) products. These products include GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64. The vulnerability specifically resides within the Hyper Historian Splitter feature. When SQL authentication is configured, this feature displays SQL Server credentials in plain text within its graphical user interface. A local attacker can exploit this flaw to obtain these database credentials, potentially leading to unauthorized access to the SQL Server.
- Description: Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
- Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 9.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CWE-317
CVE-2025-14816: Mitsubishi Electric Hyper Historian Splitter stores SQL creds in plaintext in GUI. Local low-priv user can read them. No patch. Switch to Windows Auth or get owned. #infosec #OTsecurity #CVE #devsecops #cybersecurity #python #hackers More info in reply
@HugoValters
2 May 2026
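Multiple critical vulnerabilities in Mitsubishi Electric's GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, MC Works64, and GENESIS. CVE-2025-14815 and CVE-2025-14816 have a CVSS score of 9.3; respectively, from the local cache (SQLite) and from the UI, SQL Server credential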
@__kokumoto
14 Apr 2026
CVE-2025-14816 Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite version… https://t.co/mfZqCdlZkd
@CVEnew
12 Apr 2026
⚠️ **Vulnerability Alert:** Cleartext Storage and Display of SQL Server Credentials in Mitsubishi Electric GENESIS64 and ICONICS Suite (CVE-2025-14815, CVE-2025-14816) 🆔 **CVE-2025-14815** | 📊 CVSS: 8.8 (High 🟠) | 📈 EPSS: N/A% 🆔 **CVE-2025-14816** | 📊 CVSS:
@syedaquib77
7 Apr 2026
⚠️ **Vulnerability Alert:** Plaintext storage of sensitive information in multiple Mitsubishi Electric products (CVE-2025-14815, CVE-2025-14816) 🆔 **CVE-2025-14815** 🆔 **CVE-2025-14816** 🛠️ **Exploit Maturity:** Not Available 📂 **Affected Versions:** GENESIS64
@syedaquib77
7 Apr 2026