Mitsubishi Electric GENESIS64 and ICONICS Suite products

Remediations

Vendor fix
Mitsubishi Electric is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian and AnalytiX. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\Cache\*.sdf”. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Vendor fix
Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 10.98 or later for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian and AnalytiX. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\Cache\*.sdf”. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at “https://iconics.com/about/security/cert”.
https://iconics.com/about/security/cert

Vendor fix
Mitsubishi Electric is releasing fixed version 11.03 or later for GENESIS. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\11\Cache\*.sqlite3”. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Vendor fix
Mitsubishi Electric Iconics Digital Solutions is releasing fixed version 11.03 or later for GENESIS. Please download the fixed version from the link “https://iconicsinc.my.site.com/community/s/resource-center/product-downloads” and install it. After installation, perform the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\11\Cache\*.sqlite3”. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at “https://iconics.com/about/security/cert”.
https://iconics.com/about/security/cert

No fix planned
There are no plans to release fixed version for MC Works64. For users of MC Works64, refer to the Mitsubishi Electric security advisory “https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf”, and take the actions described there.
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2025-023.pdf

Mitigation
For customer of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend performing the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\Cache\*.sdf”.

Mitigation
For customer of GENESIS that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend performing the following step (1) and (2). (1) In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\11\Cache\*.sqlite3”.

Mitigation
For customer of MC Works 64, Mitsubishi Electric recommends performing the following step (1) and (2). (1)In Workbench, open the “Configure Application(s) Settings” dialog. In the “Available Applications” list, uncheck the “Local Cache” column for applications. (2) Delete the files created by the local cache functionality from “C:\ProgramData\ICONICS\Cache\*.sdf”.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend using Windows authentication instead of SQL authentication for the SQL server authentication method, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend configuring the PCs with the affected product installed so that only an administrator can log in, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend using the PCs with the affected product installed in the LAN and blocking remote login from untrusted networks and hosts, and from non-administrator users, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend blocking unauthorized access by using a firewall, virtual private network (VPN), etc. and allowing remote login only to administrator when internet access is required, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend restricting physical access to the PC with the affected product installed and to the network to which the PC is connected, to minimize the risk of exploiting this vulnerability.

Mitigation
For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend preventing the user from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploiting this vulnerability.