CVE-2025-14815
Cleartext Credential Storage in Mitsubishi Electric GENESIS64 Enables Data Exposure
Publication date: 2026-04-08
Last updated on: 2026-04-08
Assigner: Mitsubishi Electric Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mitsubishi_electric | genesis64 | 10.97.3 |
| mitsubishi_electric | iconics_suite | 10.97.3 |
| mitsubishi_electric | mobilehmi | 10.97.3 |
| mitsubishi_electric | hyper_historian | 10.97.3 |
| mitsubishi_electric | analyti_x | 10.97.3 |
| mitsubishi_electric | genesis | 11.02 |
| mitsubishi_electric | iconics_digital_solutions_genesis64 | 10.97.3 |
| mitsubishi_electric | iconics_digital_solutions_iconics_suite | 10.97.3 |
| mitsubishi_electric | iconics_digital_solutions_mobilehmi | 10.97.3 |
| mitsubishi_electric | iconics_digital_solutions_hyper_historian | 10.97.3 |
| mitsubishi_electric | iconics_digital_solutions_analyti_x | 10.97.3 |
| mitsubishi_electric | iconics_digital_solutions_genesis | 11.02 |
| mitsubishi_electric | genesis64 | to 10.97.3 (exc) |
| mitsubishi_electric | iconics_suite | to 10.97.3 (exc) |
| mitsubishi_electric | mobilehmi | to 10.97.3 (exc) |
| mitsubishi_electric | hyper_historian | to 10.97.3 (exc) |
| mitsubishi_electric | analyti_x | to 10.97.3 (exc) |
| mitsubishi_electric | genesis | to 11.02 (exc) |
| mitsubishi_electric | mc_works64 | * |
| mitsubishi_electric | iconics_digital_solutions_genesis64 | to 10.97.3 (exc) |
| mitsubishi_electric | iconics_digital_solutions_iconics_suite | to 10.97.3 (exc) |
| mitsubishi_electric | iconics_digital_solutions_mobilehmi | to 10.97.3 (exc) |
| mitsubishi_electric | iconics_digital_solutions_hyper_historian | to 10.97.3 (exc) |
| mitsubishi_electric | iconics_digital_solutions_analyti_x | to 10.97.3 (exc) |
| mitsubishi_electric | iconics_digital_solutions_genesis | to 11.02 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the cleartext storage of sensitive information in certain Mitsubishi Electric software products. Specifically, SQL Server credentials are stored in plaintext within a local SQLite file when the local caching feature using SQLite is enabled and SQL authentication is used. A local attacker can exploit this vulnerability to disclose these credentials.
By obtaining the SQL Server credentials, the attacker could gain unauthorized access to the SQL Server, allowing them to disclose, tamper with, or destroy data on the server. This could also potentially cause a denial-of-service (DoS) condition on the affected system.
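A host-side audit for the condition described above, as an added example that is not code from Mitsubishi Electric or from this page: it walks every table of a SQLite file and reports where a cleartext password token sits, without printing the value. The page does not give the cache file's name, schema or storage format, so the connection-string keyword pattern and the sample table and column names are assumptions.

```python
import re
import sqlite3

# Assumption: the credential is kept as a connection-string keyword pair.
CRED_RE = re.compile(r"\b(?:password|pwd)\s*=\s*[^;\s]", re.IGNORECASE)


def _texts(value):
    """Yield the text forms of a cell; BLOBs are tried as UTF-8 and UTF-16LE."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, bytes):
        yield value.decode("utf-8", "ignore")
        yield value.decode("utf-16-le", "ignore")


def _quote(name):
    """Quote an identifier so unusual table or column names stay valid SQL."""
    return '"' + name.replace('"', '""') + '"'


def find_cleartext_credentials(conn):
    """Return (table, column, row_index) for cells holding a password token."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f"PRAGMA table_info({_quote(table)})")]
        for col in cols:
            query = f"SELECT {_quote(col)} FROM {_quote(table)}"
            for index, (value,) in enumerate(conn.execute(query)):
                if any(CRED_RE.search(t) for t in _texts(value)):
                    hits.append((table, col, index))  # location only, never the value
    return hits


def build_sample_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cache_settings (name TEXT, value TEXT)")
    conn.execute("CREATE TABLE cache_blobs (payload BLOB)")
    sql_auth = "Server=db01;Database=hist;User ID=svc;Password=CONSTRUCTED-SAMPLE;"
    conn.executemany("INSERT INTO cache_settings VALUES (?, ?)", [
        ("primary", sql_auth),
        ("secondary", "Server=db02;Database=hist;Integrated Security=SSPI;"),
    ])
    conn.execute("INSERT INTO cache_blobs VALUES (?)", (sql_auth.encode("utf-16-le"),))
    return conn
```

A hit means the SQL Server account named in that cell should be treated as exposed to any local user who can read the file, so rotate it after remediation.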
How can this vulnerability impact me?
If exploited, this vulnerability can lead to unauthorized access to your SQL Server due to the exposure of plaintext credentials. This unauthorized access can result in data disclosure, data tampering, or data destruction.
Additionally, the attacker could cause a denial-of-service (DoS) condition, disrupting the availability of your system or services relying on the SQL Server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves the cleartext storage of SQL Server credentials, which could allow unauthorized access to sensitive data. Such unauthorized disclosure or tampering with data may lead to non-compliance with data protection regulations like GDPR and HIPAA, which require proper protection of sensitive information and credentials.
Specifically, the exposure of credentials and potential unauthorized access could violate requirements for data confidentiality, integrity, and security controls mandated by these standards.