CVE-2025-14815
Received Received - Intake
Cleartext Credential Storage in Mitsubishi Electric GENESIS64 Enables Data Exposure

Publication date: 2026-04-08

Last updated on: 2026-04-08

Assigner: Mitsubishi Electric Corporation

Description
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14815
EUVD
EUVD-2025-209294
Affected Vendors & Products
Showing 25 associated CPEs
Vendor Product Version / Range
mitsubishi_electric genesis64 10.97.3
mitsubishi_electric iconics_suite 10.97.3
mitsubishi_electric mobilehmi 10.97.3
mitsubishi_electric hyper_historian 10.97.3
mitsubishi_electric analyti_x 10.97.3
mitsubishi_electric genesis 11.02
mitsubishi_electric iconics_digital_solutions_genesis64 10.97.3
mitsubishi_electric iconics_digital_solutions_iconics_suite 10.97.3
mitsubishi_electric iconics_digital_solutions_mobilehmi 10.97.3
mitsubishi_electric iconics_digital_solutions_hyper_historian 10.97.3
mitsubishi_electric iconics_digital_solutions_analyti_x 10.97.3
mitsubishi_electric iconics_digital_solutions_genesis 11.02
mitsubishi_electric genesis64 to 10.97.3 (exc)
mitsubishi_electric iconics_suite to 10.97.3 (exc)
mitsubishi_electric mobilehmi to 10.97.3 (exc)
mitsubishi_electric hyper_historian to 10.97.3 (exc)
mitsubishi_electric analyti_x to 10.97.3 (exc)
mitsubishi_electric genesis to 11.02 (exc)
mitsubishi_electric mc_works64 *
mitsubishi_electric iconics_digital_solutions_genesis64 to 10.97.3 (exc)
mitsubishi_electric iconics_digital_solutions_iconics_suite to 10.97.3 (exc)
mitsubishi_electric iconics_digital_solutions_mobilehmi to 10.97.3 (exc)
mitsubishi_electric iconics_digital_solutions_hyper_historian to 10.97.3 (exc)
mitsubishi_electric iconics_digital_solutions_analyti_x to 10.97.3 (exc)
mitsubishi_electric iconics_digital_solutions_genesis to 11.02 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the cleartext storage of sensitive information in certain Mitsubishi Electric software products. Specifically, SQL Server credentials are stored in plaintext within a local SQLite file when the local caching feature using SQLite is enabled and SQL authentication is used. A local attacker can exploit this vulnerability to disclose these credentials.

By obtaining the SQL Server credentials, the attacker could gain unauthorized access to the SQL Server, allowing them to disclose, tamper with, or destroy data on the server. This could also potentially cause a denial-of-service (DoS) condition on the affected system.

Impact Analysis

If exploited, this vulnerability can lead to unauthorized access to your SQL Server due to the exposure of plaintext credentials. This unauthorized access can result in data disclosure, data tampering, or data destruction.

Additionally, the attacker could cause a denial-of-service (DoS) condition, disrupting the availability of your system or services relying on the SQL Server.

Compliance Impact

This vulnerability involves the cleartext storage of SQL Server credentials, which could allow unauthorized access to sensitive data. Such unauthorized disclosure or tampering with data may lead to non-compliance with data protection regulations like GDPR and HIPAA, which require proper protection of sensitive information and credentials.

Specifically, the exposure of credentials and potential unauthorized access could violate requirements for data confidentiality, integrity, and security controls mandated by these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart