CVE-2025-14815 Unknown Vendor CVE debrief

Who should care

OT/ICS administrators, control system engineers, and security teams responsible for Mitsubishi Electric GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, or MC Works64 deployments—especially systems that use SQLite local caching and SQL Server SQL authentication.

Technical summary

The vulnerability is CWE-312 cleartext storage of sensitive information. When the affected products’ local caching feature uses SQLite and SQL authentication is selected for SQL Server authentication, the credentials are stored in plaintext in the local SQLite cache file. The public advisory rates the issue CVSS 3.1 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating a locally exploitable issue with high impact once an attacker can access the affected host or cache files. The advisory also notes potential outcomes including information disclosure, tampering, and denial of service.

Defensive priority

High. Prioritize remediation on any affected host where Local Cache is enabled and SQL authentication is in use, because the vulnerability exposes credentials directly on disk and may enable follow-on compromise.

Recommended defensive actions

• Upgrade to a fixed release where available: 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX; 11.03 or later for GENESIS.
• For MC Works64, apply the vendor-recommended mitigations because no fixed version is planned.
• In Workbench, open the Configure Application(s) Settings dialog and uncheck the Local Cache option for affected applications.
• Remove existing cache files created by the local cache feature: use C:\\ProgramData\\ICONICS\\Cache\\*.sdf for the 10.x family and C:\\ProgramData\\ICONICS\\11\\Cache\\*.sqlite3 for GENESIS 11.x.
• Prefer Windows authentication instead of SQL authentication for SQL Server authentication where operationally possible.
• Restrict access to affected PCs and networks: limit logins to administrators, block untrusted remote login, and use firewall/VPN controls for any remote access.
• Restrict physical access to affected hosts and review whether local caching is necessary for each application.

Evidence notes

All core claims come from the supplied CISA CSAF advisory and linked Mitsubishi Electric / ICONICS advisory references. The source corpus explicitly states that credentials are stored in plaintext within the local SQLite file when Local Cache and SQL authentication are both enabled, and it provides the fixed versions, no-fix status for MC Works64, and mitigation steps. The advisory was published on 2026-04-07; no earlier public disclosure date is provided in the corpus. The supplied metadata uses a broad product-family label spanning Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions; the vulnerability description itself is consistent across the referenced advisories.

Official resources