Cleartext Storage of SQL Credentials in Mitsubishi Electric GENESIS64 <10.97.3
CVE-2025-14815 Published on April 8, 2026
Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
Weakness Type
Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Products Associated with CVE-2025-14815
stack.watch emails you whenever new vulnerabilities are published in Mitsubishielectric Genesis64 or Mitsubishielectric Mc Works64. Just hit a watch button to start following.
Affected Versions
Mitsubishi Electric Corporation GENESIS64:- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 10.97.3 and prior is affected.
- Version versions 11.02 and prior is affected.
- Version versions 11.02 and prior is affected.
- Version all versions is affected.