SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations


Posted on January 31, 2026 By CWS

A medium-severity vulnerability in the Iconics Suite SCADA system could allow attackers to trigger denial-of-service conditions on critical industrial control systems.

The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across the automotive, energy, and manufacturing sectors.

Vulnerability Overview

CVE-2025-0921 stems from an execution-with-unnecessary-privileges weakness in multiple services within Mitsubishi Electric Iconics Digital Solutions GENESIS64.

The vulnerability has a CVSS score of 6.5, which is classified as medium severity. Successful exploitation allows attackers to misuse privileged file system operations to elevate privileges and corrupt critical system binaries, ultimately compromising system integrity and availability.

| CVE Identifier | Vulnerability Description | CVSS Score |
| --- | --- | --- |
| CVE-2025-0921 | Execution with unnecessary privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 | 6.5 (Medium) |

The vulnerability was discovered during a comprehensive security assessment conducted by Unit 42 researchers Asher Davila and Malav Vyas in early 2024.

This finding represents one of six vulnerabilities identified in Iconics Suite versions 10.97.2 and earlier for Microsoft Windows platforms.

The researchers previously disclosed five related vulnerabilities affecting the same SCADA platform, with CVE-2025-0921 emerging as an additional threat during their investigation.

Permissions of GraphWorX64 (source: paloaltonetworks)

According to Mitsubishi Electric's security advisory, the vulnerability affects all versions of GENESIS64, MC Works64, and GENESIS version 11.00.

Iconics Suite maintains hundreds of thousands of installations across more than 100 countries, spanning critical infrastructure sectors such as government facilities, military installations, water and wastewater treatment plants, utilities, and energy providers.

Technical Exploitation Details

The vulnerability resides in the Pager Agent component of AlarmWorX64 MMX, the alarm management system that monitors industrial processes.

Attackers with local access can exploit the flaw by manipulating the SMSLogFile path configuration stored in the IcoSetup64.ini file located in the C:\ProgramData\ICONICS directory.

Newly altered cng.sys file created by the exploit (source: paloaltonetworks)

The attack chain involves creating symbolic links from the log file location to target system binaries.

When administrators send test messages or the system automatically triggers alerts, logging information follows the symbolic link and overwrites critical drivers such as cng.sys, which provides cryptographic services for Windows system components.

Upon system reboot, the corrupted driver causes boot failures, trapping the machine in an infinite repair loop and rendering the OT engineering workstation inoperable.

Infinite Windows boot loop caused by the corrupted driver (source: paloaltonetworks)

Researchers demonstrated that exploitation becomes significantly easier when combined with CVE-2024-7587, a previously disclosed vulnerability in the GenBroker32 installer that grants excessive permissions to the C:\ProgramData\ICONICS directory, allowing any local user to modify critical configuration files.

However, attackers could still exploit CVE-2025-0921 independently if log files become writable due to misconfiguration, other vulnerabilities, or social engineering.

Mitsubishi Electric has released patches for GENESIS version 11.01 and later, which customers can download from the Iconics Community Resource Center.

For GENESIS64 users, a fixed version is currently under development and will be released in the near future. The vendor has indicated no plans to release patches for MC Works64, requiring customers to implement mitigations in the meantime.
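
A defensive check for the SMSLogFile condition described above, as an added example that is not code from the article, Unit 42, or the vendor: it collects every SMSLogFile value from the text of IcoSetup64.ini and flags any that resolve outside an expected log directory or pass through a symbolic link. The allowed directory, the sample INI content, and its section and file names are assumptions.

```python
import configparser
import ntpath
import os

# Assumption: the only directory where this site expects the pager log to live.
ALLOWED_LOG_ROOTS = [r"C:\ProgramData\ICONICS"]

# Constructed sample; the section names and file names are hypothetical.
SAMPLE_INI = r"""
[ExampleSection]
SMSLogFile=C:\ProgramData\ICONICS\Logs\PagerSms.log
[OtherExample]
SMSLogFile=C:\ProgramData\ICONICS\..\Staging\PagerSms.log
"""


def _under(path, root):
    """True if the normalised Windows path lies at or below root."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
    return p == r or p.startswith(r + "\\")


def find_sms_log_paths(ini_text):
    """Return (section, value) for every SMSLogFile key, whatever its section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(ini_text)
    return [(s, (v or "").strip().strip('"'))
            for s in cp.sections() for k, v in cp.items(s)
            if k.lower() == "smslogfile"]


def audit_sms_log_path(path, is_link=os.path.islink):
    """Return findings for one configured path; is_link is injectable for tests."""
    findings = []
    if not any(_under(path, root) for root in ALLOWED_LOG_ROOTS):
        findings.append("outside expected log directory")
    # A link on the file or on any parent directory redirects the write.
    node = ntpath.normpath(path)
    while True:
        if is_link(node):
            findings.append("symbolic link at " + node)
        parent = ntpath.dirname(node)
        if parent == node:
            return findings
        node = parent
```

Run it on the workstation itself so that the link check sees the real file system. On Windows, `os.path.islink` does not report directory junctions, so pair it with `os.path.isjunction` (Python 3.12+) when auditing parent directories.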
