CVE-2025-0921
Information Tampering Vulnerability in Multi-agent Notification Feature of GENESIS64 and MC Works64
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Information Tampering Vulnerability in Multi-agent Notification Feature of GENESIS64 and MC Works64
Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
Reserved 2025-01-31 | Published 2025-05-15 | Updated 2025-05-29 | Assigner MitsubishiCWE-250 Execution with Unnecessary Privileges
Asher Davila of Palo Alto Networks
Malav Vyas of Palo Alto Networks
www.mitsubishielectric.com/...nerability/pdf/2025-002_en.pdf
jvn.jp/vu/JVNVU93838985
www.cisa.gov/news-events/ics-advisories/icsa-25-140-04
Support options
