Vulnerability in Mitsubishi Electric's GENESIS64 Could Lead to Denial-of-Service Attacks
A security flaw in Mitsubishi Electric's GENESIS64 software allows local attackers to overwrite critical files, potentially causing system failures.
A security vulnerability identified as CVE-2025-0921 has been discovered in Mitsubishi Electric's GENESIS64 software, which is used for industrial process control and monitoring. This flaw enables local authenticated attackers to overwrite arbitrary files by creating symbolic links, potentially leading to system failures.
The vulnerability affects all versions of GENESIS64, as well as GENESIS version 11.00 and MC Works64. Mitsubishi Electric has acknowledged the issue and is developing a fixed version for GENESIS64. Users are advised to implement recommended mitigations until the update is available.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding this vulnerability, emphasizing the risk of information tampering and potential denial-of-service conditions.
Users of the affected products are encouraged to monitor official communications from Mitsubishi Electric and CISA for updates and to apply security patches promptly to mitigate potential risks.
Source
Unit 42Fact-checking
Fact-check the facts of the article using external sources and databases.