The Iconics Suite SCADA system has a medium-severity flaw that could let hackers cause denial-of-service conditions on vital industrial control systems. The vulnerability, identified as CVE-2025-0921, impacts data acquisition and supervisory control systems that are extensively used in the manufacturing, automotive, and energy industries.

Vulnerability Overview

CVE-2025-0921 stems from an execution-with-unnecessary-privileges vulnerability in several services within Mitsubishi Electric Iconics Digital Solutions GENESIS64. With a CVSS score of 6.5, the vulnerability is categorized as medium severity. Through successful exploitation, attackers can abuse privileged file system operations to elevate privileges and corrupt vital system binaries, compromising system availability and integrity.

CVE Identifier: CVE-2025-0921
Vulnerability Description: Execution with unnecessary privileges vulnerability in several services of Mitsubishi Electric Iconics Digital Solutions GENESIS64
CVSS Score: 6.5 (Medium)

Early in 2024, Unit 42 researchers Asher Davila and Malav Vyas found the vulnerability during a thorough security assessment. This discovery is one of six flaws found in Iconics Suite versions 10.97.2 and lower on Microsoft Windows platforms. During their investigation, the researchers discovered CVE-2025-0921 in addition to the five related vulnerabilities they had previously revealed affecting the same SCADA platform.

Figure: GraphWorX64 permissions (source: paloaltonetworks)

The vulnerability affects all versions of GENESIS64, MC Works64, and GENESIS version 11.00, according to Mitsubishi Electric's security advisory. Iconics Suite maintains hundreds of thousands of installations in over 100 countries, including vital infrastructure sectors like government buildings, military installations, water and wastewater treatment plants, utilities, and energy providers.

Details of Technical Exploitation

The vulnerability resides in the Pager Agent component of the AlarmWorX64 MMX alarm management system, which monitors industrial processes.

Attackers with local access can take advantage of the vulnerability by altering the SMSLogFile path configuration kept in the IcoSetup64.ini file found in the C:\ProgramData\ICONICS directory. The attack chain entails establishing symbolic links between the location of the log file and the target system binaries.

Figure: The exploit's newly modified cng.sys file (source: PaloAltonetwork)

When administrators send test messages or the system automatically initiates alerts, logging data follows the symbolic link and overwrites crucial drivers like cng.sys, which offers cryptographic services for Windows system components. When the system reboots, the corrupted driver results in boot failures, trapping the computer in a never-ending repair cycle and making the OT engineering workstation unusable.

Figure: The corrupted driver is the cause of the endless Windows boot loop (source: paloaltonetworks).

Researchers showed that exploitation becomes much simpler when combined with CVE-2024-7587, a previously reported vulnerability in the GenBroker32 installer that gives the C:\ProgramData\ICONICS directory excessive permissions, enabling any local user to alter crucial configuration files. However, attackers could still exploit CVE-2025-0921 independently if log files become writable as a result of misconfiguration, other vulnerabilities, or social engineering.
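A defender-side check for the condition described above, written as an added example (not code from the article, Unit 42 or Mitsubishi Electric): it reads the SMSLogFile value and flags it when the resolved target leaves the intended log directory. The key=value layout of IcoSetup64.ini, the section name, the allowed log directory and the protected-directory list are assumptions.

```python
import ntpath
import os

# Assumed policy, not vendor guidance: places the log must never resolve to.
PROTECTED_DIRS = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]
# Constructed sample; the section name is hypothetical.
SAMPLE_INI = "[PagerAgent]\nSMSLogFile = C:\\ProgramData\\ICONICS\\Logs\\sms.log\n"
# Constructed stand-in for a link planted at the configured log path.
SAMPLE_LINKS = {r"C:\ProgramData\ICONICS\Logs\sms.log":
                r"C:\Windows\System32\drivers\cng.sys"}


def find_sms_log_paths(ini_text):
    """Return every SMSLogFile value, whatever section it sits in."""
    paths = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "smslogfile":
            paths.append(value.strip().strip('"'))
    return paths


def is_within(path, parent):
    """True if path is parent or below it (Windows rules, case-insensitive)."""
    p = ntpath.normcase(ntpath.normpath(path))
    d = ntpath.normcase(ntpath.normpath(parent)).rstrip("\\")
    return p == d or p.startswith(d + "\\")


def audit_sms_log(ini_text, allowed_dir, resolve=os.path.realpath):
    """Flag SMSLogFile targets that leave allowed_dir once links are resolved."""
    findings = []
    for configured in find_sms_log_paths(ini_text):
        # On a Windows host the default resolver follows symlinks and junctions.
        target = resolve(configured)
        if any(is_within(target, d) for d in PROTECTED_DIRS):
            findings.append((configured, target, "protected directory"))
        elif not is_within(target, allowed_dir):
            findings.append((configured, target, "outside log directory"))
    return findings


if __name__ == "__main__":
    # Demo on the constructed sample. On a real host, pass the text of
    # IcoSetup64.ini and keep the default resolver.
    simulated = lambda p: SAMPLE_LINKS.get(p, p)
    for f in audit_sms_log(SAMPLE_INI, r"C:\ProgramData\ICONICS\Logs", simulated):
        print("ALERT", f)
```

Run on a schedule or before sending Pager Agent test messages, a non-empty result means the next log write would land somewhere other than the intended log file.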

Customers can download the patches that Mitsubishi Electric has released for GENESIS versions 11.01 and later from the Iconics Community Resource Center. A fixed version for GENESIS64 users is presently being developed and will be made available soon. Customers must put mitigations in place in the interim as the vendor has stated that it has no plans to release patches for MC Works64.
