• Home
  • cyber
  • Mitsubishi Electric: SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations
cyber Vulnerability

Mitsubishi Electric: SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations

Jan 31, 2026 2 min read
Mitsubishi Electric: SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations

Medium-Severity Vulnerability in Iconics Suite SCADA Systems Exposes Critical Infrastructure to DoS Attacks

A medium-severity vulnerability (CVE-2025-0921) in Mitsubishi Electric’s Iconics Suite SCADA system has been identified, enabling attackers to trigger denial-of-service (DoS) conditions on industrial control systems (ICS). The flaw, discovered by Unit 42 researchers Asher Davila and Malav Vyas in early 2024, affects GENESIS64, MC Works64, and GENESIS version 11.00 software widely deployed in automotive, energy, manufacturing, and critical infrastructure sectors across over 100 countries.

The vulnerability stems from an execution-with-unnecessary-privileges weakness in the Pager Agent component of AlarmWorX64 MMX, the alarm management system within the Iconics Suite. With a CVSS score of 6.5, exploitation allows attackers with local access to manipulate the SMSLogFile path in the IcoSetup64.ini configuration file, redirecting log writes to overwrite critical system drivers like cng.sys. Upon reboot, the corrupted driver forces an endless repair loop, rendering OT workstations inoperable.

Exploitation is facilitated when combined with CVE-2024-7587, a prior vulnerability granting excessive permissions to the C:\ProgramData\ICONICS directory. However, the flaw can also be exploited independently if log files are writable due to misconfigurations or other attack vectors.

Mitsubishi Electric has released patches for GENESIS version 11.01 and later, with fixes for GENESIS64 pending. No patches are planned for MC Works64, leaving users to implement mitigations. The vulnerability is one of six identified in Iconics Suite versions 10.97.2 and earlier, underscoring ongoing risks to SCADA systems in high-stakes environments.

Source: https://cybersecuritynews.com/scada-vulnerability-triggers-dos/

Mitsubishi Electric cybersecurity rating report: https://www.rankiteo.com/company/mitsubishielectric

"id": "MIT1770021852",
"linkid": "mitsubishielectric",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Automotive',
                                     'Energy',
                                     'Manufacturing',
                                     'Critical Infrastructure'],
                        'location': 'Global (100+ countries)',
                        'name': 'Mitsubishi Electric',
                        'type': 'Company'}],
 'attack_vector': 'Local Access',
 'date_detected': '2024-01-01',
 'description': 'A medium-severity vulnerability (CVE-2025-0921) in Mitsubishi '
                'Electric’s Iconics Suite SCADA system has been identified, '
                'enabling attackers to trigger denial-of-service (DoS) '
                'conditions on industrial control systems (ICS). The flaw '
                'affects GENESIS64, MC Works64, and GENESIS version 11.00 '
                'software widely deployed in automotive, energy, '
                'manufacturing, and critical infrastructure sectors across '
                'over 100 countries. The vulnerability stems from an '
                'execution-with-unnecessary-privileges weakness in the Pager '
                'Agent component of AlarmWorX64 MMX, allowing attackers with '
                'local access to manipulate the SMSLogFile path to overwrite '
                'critical system drivers, rendering OT workstations '
                'inoperable.',
 'impact': {'downtime': 'OT workstations rendered inoperable',
            'operational_impact': 'Denial-of-service conditions on industrial '
                                  'control systems',
            'systems_affected': 'GENESIS64, MC Works64, GENESIS version 11.00'},
 'investigation_status': 'Vulnerability identified and disclosed',
 'post_incident_analysis': {'corrective_actions': 'Patch management; directory '
                                                  'permission hardening',
                            'root_causes': 'Execution-with-unnecessary-privileges '
                                           'weakness in Pager Agent component; '
                                           'misconfigured directory '
                                           'permissions (CVE-2024-7587)'},
 'recommendations': 'Apply patches for GENESIS version 11.01 and later; '
                    'implement mitigations for MC Works64; ensure proper '
                    'directory permissions to prevent exploitation of '
                    'CVE-2024-7587.',
 'references': [{'source': 'Unit 42 (Palo Alto Networks)'}],
 'response': {'remediation_measures': 'Patches released for GENESIS version '
                                      '11.01 and later; mitigations '
                                      'recommended for MC Works64'},
 'title': 'Medium-Severity Vulnerability in Iconics Suite SCADA Systems '
          'Exposes Critical Infrastructure to DoS Attacks',
 'type': 'Denial-of-Service (DoS)',
 'vulnerability_exploited': 'CVE-2025-0921, CVE-2024-7587'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.