CVE-2025-11774
📋 TL;DR
This CVE describes an OS command injection vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MobileHMI software. A local attacker can execute arbitrary executable files by tampering with a configuration file when a legitimate user uses the keypad function. This affects multiple industrial control system products up to version 10.97.2 CFR3.
💻 Affected Systems
- Mitsubishi Electric GENESIS64
- Mitsubishi Electric Iconics Digital Solutions GENESIS64
- Mitsubishi Electric ICONICS Suite
- Mitsubishi Electric Iconics Digital Solutions ICONICS Suite
- Mitsubishi Electric MobileHMI
- Mitsubishi Electric Iconics Digital Solutions MobileHMI
- Mitsubishi Electric MC Works64
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing arbitrary code execution with user privileges, enabling data theft, system destruction, or persistent backdoor installation.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive industrial control system data and potential disruption of operations.
If Mitigated
Limited impact if proper file permissions restrict configuration file access and systems are isolated from untrusted networks.
🎯 Exploit Status
Exploitation requires local access and the ability to modify configuration files. The attack also requires a legitimate user to trigger the vulnerable function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 10.97.2 CFR3
Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-018_en.pdf
Restart Required: Yes
Instructions:
1. Download updated software from Mitsubishi Electric support portal.
2. Backup current configuration and data.
3. Install the updated version following vendor instructions.
4. Restart affected systems.
5. Verify proper functionality.
🔧 Temporary Workarounds
Restrict configuration file permissions
Windows: Set strict file permissions on keypad function configuration files to prevent unauthorized modification.
icacls "C:\Program Files\Mitsubishi Electric\GENESIS64\config\keypad_config.xml" /inheritance:r /grant:r "SYSTEM:(F)" "Administrators:(F)" "Users:(R)"
Disable keypad function if unused
All platforms: Remove or disable the vulnerable keypad function if not required for operations.
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local access to affected systems.
- Segment industrial control systems from general corporate networks to limit attack surface.
🔍 How to Verify
Check if Vulnerable:
Check software version in About dialog or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Mitsubishi Electric\GENESIS64\Version
Check Version:
reg query "HKLM\SOFTWARE\Mitsubishi Electric\GENESIS64" /v Version
Verify Fix Applied:
Verify installed version is newer than 10.97.2 CFR3 and check that configuration files have proper permissions.
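One way to carry out the permission check mentioned under "Verify Fix Applied", as an added PowerShell example that is not part of the original page or the vendor advisory. The default path is the one from the workaround above and may differ on your installation; the function name Get-UntrustedWriteAce is made up for this example.

```powershell
# Added example (not vendor code): list principals that can modify the keypad
# configuration file or its folder. The default path is taken from the workaround
# above; pass -Path with the actual location on your installation.
param(
    [string]$Path = 'C:\Program Files\Mitsubishi Electric\GENESIS64\config\keypad_config.xml'
)
$ErrorActionPreference = 'Stop'   # a missing path must fail loudly, not pass silently

# Principals allowed to keep write access (well-known SIDs).
$trustedSids = @(
    'S-1-5-18',                                                       # SYSTEM
    'S-1-5-32-544',                                                   # Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal change, replace or re-permission the target.
$writeRights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$writeRights
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # unmapped GENERIC_WRITE / GENERIC_ALL

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)

    foreach ($ace in (Get-Acl -LiteralPath $LiteralPath).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ([int]$ace.PropagationFlags -band 2) { continue }   # InheritOnly: not applied to this object
        if (-not ([int]$ace.FileSystemRights -band $writeMask)) { continue }

        # Compare by SID so localized or renamed group names do not matter.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { $sid = $ace.IdentityReference.Value }        # orphaned or unresolvable account

        if ($trustedSids -notcontains $sid) {
            [pscustomobject]@{
                Target = $LiteralPath; Identity = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

# The folder matters too: create/delete rights there allow replacing the file.
$findings = foreach ($target in @($Path, (Split-Path -Parent $Path))) {
    Get-UntrustedWriteAce -LiteralPath $target
}
if ($findings) { $findings | Format-Table -AutoSize -Wrap; exit 1 }
"No untrusted write access on $Path or its parent folder."
```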
📡 Detection & Monitoring
Log Indicators:
- Unauthorized modifications to keypad configuration files
- Unexpected process execution from keypad function context
- Failed file permission changes
Network Indicators:
- Unusual outbound connections from industrial control systems
- Anomalous network traffic patterns from affected hosts
SIEM Query:
source="windows" AND (event_id=4688 OR event_id=4663) AND process_name="*keypad*" AND command_line="*.exe*"