CVE-2025-11774 Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric CVE debrief

Who should care

OT and industrial automation teams running ICONICS Suite, GENESIS64, MobileHMI, or MC Works64 on operator workstations, engineering stations, or other shared Windows PCs. This is especially important for environments that allow local logon, remote logon, or broad trust relationships around HMI/SCADA endpoints.

Technical summary

The vulnerability centers on the keypad function configuration file. If an attacker can modify that file, the software keyboard can be induced to execute an arbitrary executable when a legitimate user uses the keypad function. The advisory’s CVSS vector is AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, which aligns with local access, low privileges, and required user interaction. The likely impact is broad for the affected host: arbitrary code execution can enable confidentiality, integrity, and availability compromise, including DoS and destructive actions.

Defensive priority

High. Even though the attack requires local access and user interaction, successful exploitation can yield code execution on an OT workstation or HMI host and affect critical operator software. Prioritize patching and access controls on any affected system that is shared, remotely reachable, or connected to production networks.

Recommended defensive actions

• Upgrade GENESIS64 to version 10.97.3 or later, or move to GENESIS V11, as recommended by Mitsubishi Electric Iconics Digital Solutions.
• For MC Works64, plan migration to GENESIS64 v10.97.3 or higher; the advisory states there are no plans to release a fixed MC Works64 version.
• Apply the vendor-provided security update path referenced in the advisory, including the 10.97.3 critical fixes rollup where applicable.
• Keep affected PCs on a trusted LAN and block remote login from untrusted networks, hosts, and users.
• If remote access is necessary, restrict it with a firewall or VPN and allow remote login only for trusted users.
• Restrict physical access to affected PCs and the network segments they connect to.
• Ensure antivirus software is installed on PCs running the affected products.
• Avoid untrusted email links and attachments on affected systems, consistent with the vendor mitigation guidance.

Evidence notes

The supplied CISA CSAF source item for ICSA-25-352-04 states that malicious code execution is possible through the keypad function if the configuration file is tampered with, and that arbitrary EXE execution may occur when a legitimate user uses the keypad function. The same source lists affected products as ICONICS Suite, GENESIS64, MobileHMI, and MC Works64. Remediation entries specify GENESIS64 v10.97.3 or later, GENESIS V11, and note that no fixed MC Works64 release is planned. The CVSS vector provided in the corpus is CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. The corpus does not provide evidence of active exploitation or a KEV listing.

Official resources