Mitsubishielectric Genesis64

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Mitsubishielectric Genesis64.

By the Year

In 2026 there have been 2 vulnerabilities in Mitsubishielectric Genesis64. Last year, in 2025 Genesis64 had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Genesis64 in 2026 could surpass last years number.

Year	Vulnerabilities	Average Score
2026	2	0.00
2025	3	6.87
2024	14	6.59
2023	0	0.00
2022	1	5.90

It may take a day or so for new Genesis64 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mitsubishielectric Genesis64 Security Vulnerabilities

Cleartext SQL Credentials in GUI (GENESIS64 <10.97.3, Hyper Historian <10.97.3)
CVE-2025-14816 - April 08, 2026

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.

Cleartext Storage of Sensitive Information in GUI

Cleartext Storage of SQL Credentials in Mitsubishi Electric GENESIS64 <10.97.3
CVE-2025-14815 - April 08, 2026

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.

Cleartext Storage of Sensitive Information

OS Command Injection in Mitsubishi Electric GENESIS64 10.97.2 CFR3
CVE-2025-11774 8.2 - High - December 19, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE.

Shell injection

Local Write via LNK Link in Mitsubishi GENESIS (CVE-2025-7376)
CVE-2025-7376 5.9 - Medium - August 06, 2025

Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

Windows symbolic link following

Mitsubishi GENESIS64/MC Works64: Unnecessary Privileges Local Write DoS (All V)
CVE-2025-0921 6.5 - Medium - May 15, 2025

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX versions 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX versions 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

Execution with Unnecessary Privileges

Uncontrolled SP Element in GENESIS64 allows DLL hijack for code exec
CVE-2024-9852 7.8 - High - November 28, 2024

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

DLL preloading

Dead Code DLL Tamper RCE in GENESIS64 10.97.3 (ICONICS/Mitsubishi)
CVE-2024-8300 7 - High - November 28, 2024

Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

Dead Code

Privilege Escalation in Jungo WinDriver 6.0.0-16.1.0
CVE-2024-26314 7.8 - High - July 02, 2024

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.

Jungo WinDriver <12.5.1 DoS Causing Windows BS
CVE-2024-22105 5.5 - Medium - July 02, 2024

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.

Jungo WinDriver <12.5.1 Improper Privilege Management Exploitable Locally
CVE-2024-22106 7.8 - High - July 02, 2024

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS).

Jungo WinDriver <12.2 Improper Privilege Escalation (CVE-2024-25086)
CVE-2024-25086 7.8 - High - July 02, 2024

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.

Jungo WinDriver DoS causing BSOD before v12.7.0
CVE-2024-25087 5.5 - Medium - July 02, 2024

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.

Jungo WinDriver <12.5.1 PrivEsc via Improper Priv Man
CVE-2024-25088 7.8 - High - July 02, 2024

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.

Jungo WinDriver <12.6.0 OOB Write causing BSOD & DoS
CVE-2024-22103 5.5 - Medium - July 02, 2024

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Memory Corruption

Jungo WinDriver <12.6.0 DoS causes Windows BSOD
CVE-2024-22102 5.5 - Medium - July 02, 2024

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.

Jungo WinDriver pre-12.1.0 OOB Write Enables BSoD & Local DoS
CVE-2023-51778 5.5 - Medium - July 02, 2024

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Memory Corruption

Jungo WinDriver <12.1.0 DoS leading to BSOD
CVE-2023-51777 5.5 - Medium - July 02, 2024

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.

Jungo WinDriver <12.5.1 OOB Write Causing BSOD & DoS
CVE-2024-22104 5.5 - Medium - July 02, 2024

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Memory Corruption

Jungo WinDriver <12.1.0 Improper Privilege Management, Local Priv Esc
CVE-2023-51776 7.8 - High - July 02, 2024

Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior
CVE-2022-23130 5.9 - Medium - January 21, 2022

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

Buffer Over-read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Mitsubishielectric Genesis64 or by Mitsubishielectric? Click the Watch button to subscribe.

Mitsubishielectric
Vendor

Mitsubishielectric Genesis64
Product

Mitsubishielectric Genesis64

Don't miss out!

By the Year

Recent Mitsubishielectric Genesis64 Security Vulnerabilities

Cleartext SQL Credentials in GUI (GENESIS64 <10.97.3, Hyper Historian <10.97.3) CVE-2025-14816 - April 08, 2026

Cleartext Storage of SQL Credentials in Mitsubishi Electric GENESIS64 <10.97.3 CVE-2025-14815 - April 08, 2026

OS Command Injection in Mitsubishi Electric GENESIS64 10.97.2 CFR3 CVE-2025-11774 8.2 - High - December 19, 2025

Local Write via LNK Link in Mitsubishi GENESIS (CVE-2025-7376) CVE-2025-7376 5.9 - Medium - August 06, 2025

Mitsubishi GENESIS64/MC Works64: Unnecessary Privileges Local Write DoS (All V) CVE-2025-0921 6.5 - Medium - May 15, 2025

Uncontrolled SP Element in GENESIS64 allows DLL hijack for code exec CVE-2024-9852 7.8 - High - November 28, 2024

Dead Code DLL Tamper RCE in GENESIS64 10.97.3 (ICONICS/Mitsubishi) CVE-2024-8300 7 - High - November 28, 2024

Privilege Escalation in Jungo WinDriver 6.0.0-16.1.0 CVE-2024-26314 7.8 - High - July 02, 2024

Jungo WinDriver <12.5.1 DoS Causing Windows BS CVE-2024-22105 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.5.1 Improper Privilege Management Exploitable Locally CVE-2024-22106 7.8 - High - July 02, 2024

Jungo WinDriver <12.2 Improper Privilege Escalation (CVE-2024-25086) CVE-2024-25086 7.8 - High - July 02, 2024

Jungo WinDriver DoS causing BSOD before v12.7.0 CVE-2024-25087 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.5.1 PrivEsc via Improper Priv Man CVE-2024-25088 7.8 - High - July 02, 2024

Jungo WinDriver <12.6.0 OOB Write causing BSOD & DoS CVE-2024-22103 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.6.0 DoS causes Windows BSOD CVE-2024-22102 5.5 - Medium - July 02, 2024

Jungo WinDriver pre-12.1.0 OOB Write Enables BSoD & Local DoS CVE-2023-51778 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.1.0 DoS leading to BSOD CVE-2023-51777 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.5.1 OOB Write Causing BSOD & DoS CVE-2024-22104 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.1.0 Improper Privilege Management, Local Priv Esc CVE-2023-51776 7.8 - High - July 02, 2024

Stay on top of Security Vulnerabilities

Mitsubishielectric Vendor

Mitsubishielectric Genesis64Product

Cleartext SQL Credentials in GUI (GENESIS64 <10.97.3, Hyper Historian <10.97.3)
CVE-2025-14816 - April 08, 2026

Cleartext Storage of SQL Credentials in Mitsubishi Electric GENESIS64 <10.97.3
CVE-2025-14815 - April 08, 2026

OS Command Injection in Mitsubishi Electric GENESIS64 10.97.2 CFR3
CVE-2025-11774 8.2 - High - December 19, 2025

Local Write via LNK Link in Mitsubishi GENESIS (CVE-2025-7376)
CVE-2025-7376 5.9 - Medium - August 06, 2025

Mitsubishi GENESIS64/MC Works64: Unnecessary Privileges Local Write DoS (All V)
CVE-2025-0921 6.5 - Medium - May 15, 2025

Uncontrolled SP Element in GENESIS64 allows DLL hijack for code exec
CVE-2024-9852 7.8 - High - November 28, 2024

Dead Code DLL Tamper RCE in GENESIS64 10.97.3 (ICONICS/Mitsubishi)
CVE-2024-8300 7 - High - November 28, 2024

Privilege Escalation in Jungo WinDriver 6.0.0-16.1.0
CVE-2024-26314 7.8 - High - July 02, 2024

Jungo WinDriver <12.5.1 DoS Causing Windows BS
CVE-2024-22105 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.5.1 Improper Privilege Management Exploitable Locally
CVE-2024-22106 7.8 - High - July 02, 2024

Jungo WinDriver <12.2 Improper Privilege Escalation (CVE-2024-25086)
CVE-2024-25086 7.8 - High - July 02, 2024

Jungo WinDriver DoS causing BSOD before v12.7.0
CVE-2024-25087 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.5.1 PrivEsc via Improper Priv Man
CVE-2024-25088 7.8 - High - July 02, 2024

Jungo WinDriver <12.6.0 OOB Write causing BSOD & DoS
CVE-2024-22103 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.6.0 DoS causes Windows BSOD
CVE-2024-22102 5.5 - Medium - July 02, 2024

Jungo WinDriver pre-12.1.0 OOB Write Enables BSoD & Local DoS
CVE-2023-51778 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.1.0 DoS leading to BSOD
CVE-2023-51777 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.5.1 OOB Write Causing BSOD & DoS
CVE-2024-22104 5.5 - Medium - July 02, 2024

Jungo WinDriver <12.1.0 Improper Privilege Management, Local Priv Esc
CVE-2023-51776 7.8 - High - July 02, 2024

Mitsubishielectric
Vendor

Mitsubishielectric Genesis64
Product