PatchSiren cyber security CVE debrief
CVE-2025-14816 Unknown Vendor CVE debrief
CVE-2025-14816 is a high-severity credential exposure issue in the Hyper Historian Splitter feature of affected Mitsubishi Electric / ICONICS products. When SQL authentication is selected for the SQL Server connection, the SQL Server credentials are displayed in plain text in the GUI. The advisory maps this to CWE-317 (Cleartext Storage of Sensitive Information in GUI) and states the issue may lead to information disclosure, tampering, or denial of service. The supplied CVSS 3.1 vector scores the issue 8.8 (HIGH) with local attack vector, low privileges required, and no user interaction.
- Vendor: Unknown Vendor
- Product: Mitsubishi Electric GENESIS64 <=10.97.3 ICONICS Suite MobileHMI Hyper Historian AnalytiX MC Works 64 vers:all/* GENESIS <=11.02 Mitsubishi Electric Iconics Digital Solutions
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-07
- Original CVE updated: 2026-04-07
- Advisory published: 2026-04-07
- Advisory updated: 2026-04-07
Who should care
Administrators and operators running GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, MC Works64, or GENESIS deployments should review this immediately, especially where Hyper Historian Splitter is used and SQL authentication is configured. OT/ICS teams should also care because the source advisory is an industrial-control-systems publication and the impact includes credential disclosure in a production GUI.
Technical summary
The affected feature displays SQL Server credentials in cleartext within the GUI when SQL authentication is selected. This creates a direct sensitive-information exposure risk for anyone with access to the interface or the host environment. The advisory provides fixed versions for most products: 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX; 11.03 or later for GENESIS. For MC Works64, the advisory states that no fixed version is planned and recommends mitigations. The source also includes SSVCv2 guidance indicating no known exploitation and total technical impact.
Defensive priority
High. This is a straightforward but high-impact credential disclosure flaw in an ICS-adjacent product line. Prioritize patching or compensating controls now, especially on systems where SQL authentication is in use or where the Hyper Historian Splitter GUI is accessible to non-administrators.
Recommended defensive actions
- Upgrade affected products to the vendor-fixed release: 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX; 11.03 or later for GENESIS.
- For MC Works64, follow the vendor advisory because no fixed version is planned.
- If you cannot update immediately, switch from SQL authentication to Windows authentication for the SQL Server connection.
- Restrict HHSplitter.exe so only trusted administrators can execute it, and remove it if it is not needed.
- Limit login to administrator accounts on affected PCs, keep them on trusted LAN segments, and block remote login from untrusted networks and non-administrator users.
- Use firewall/VPN controls to block unauthorized access, restrict physical access to the host and connected network, and avoid exposing the system unnecessarily.
- Reinforce basic user-safety controls around untrusted email links and attachments for systems that may be used to reach the affected environment.
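The mitigation of moving the SQL Server connection from SQL authentication to Windows authentication, as an added Python example that is not from the advisory or the vendor: it classifies ADO.NET-style SQL Server connection strings by authentication mode, flags those that embed a user ID and password (the cleartext secret the GUI would expose), and rewrites such a string to integrated security. The connection-string format, server and database names, and configuration labels are assumptions for illustration; the advisory does not describe how the affected products store this setting.

```python
"""Audit SQL Server connection strings for SQL authentication (embedded credentials)."""

# ADO.NET-style keys (lower-cased) that indicate each authentication mode.
_SQL_AUTH_KEYS = {"user id", "uid", "password", "pwd"}
_WINDOWS_AUTH_KEYS = {"integrated security", "trusted_connection"}
_WINDOWS_AUTH_VALUES = {"sspi", "true", "yes"}


def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' into (key, value) pairs, keeping key casing.

    Limitation: values containing ';' inside quotes or braces are not handled.
    """
    pairs = []
    for token in conn.split(";"):
        if "=" in token:
            key, _, value = token.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs


def auth_mode(conn):
    """Return 'windows', 'sql', or 'unknown' for one connection string."""
    pairs = parse_connection_string(conn)
    lowered = {k.lower(): v for k, v in pairs}
    # Integrated Security=false alongside a password still means SQL auth.
    for key in _WINDOWS_AUTH_KEYS:
        if lowered.get(key, "").lower() in _WINDOWS_AUTH_VALUES:
            return "windows"
    if _SQL_AUTH_KEYS & lowered.keys():
        return "sql"
    return "unknown"


def to_windows_auth(conn):
    """Rewrite a SQL-auth string to Windows auth, dropping the embedded secret."""
    kept = [(k, v) for k, v in parse_connection_string(conn)
            if k.lower() not in _SQL_AUTH_KEYS and k.lower() not in _WINDOWS_AUTH_KEYS]
    kept.append(("Integrated Security", "SSPI"))
    return ";".join(f"{k}={v}" for k, v in kept)


def audit(configs):
    """Return the labels of all configs still using SQL authentication."""
    return [label for label, conn in configs.items() if auth_mode(conn) == "sql"]


# Constructed sample configurations (hypothetical labels, hosts and credentials).
SAMPLE_CONFIGS = {
    "splitter-legacy": "Server=hh-db01;Database=HyperHistorian;User ID=hhsplit;Password=S3cret!",
    "splitter-hardened": "Server=hh-db01;Database=HyperHistorian;Integrated Security=SSPI",
    "splitter-trusted": "Server=hh-db02;Database=HyperHistorian;Trusted_Connection=yes",
}
```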
Evidence notes
Source evidence comes from the supplied CISA CSAF advisory ICSA-26-097-01 and the referenced Mitsubishi Electric / Mitsubishi Electric Iconics Digital Solutions advisories. The advisory text explicitly states that SQL Server credentials are shown in plain text in the Hyper Historian Splitter GUI when SQL authentication is used, identifies CWE-317, and lists fixed versions plus mitigations. The supplied metadata shows the advisory was published on 2026-04-07 and republished by CISA the same day; no KEV entry is present in the supplied corpus.
Official resources
- CVE-2025-14816 CVE record (CVE.org)
- CVE-2025-14816 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the CISA CSAF advisory ICSA-26-097-01 on 2026-04-07, with the same-day CISA republication noted in the source revision history. The supplied corpus does not list a KEV entry.