Medium-Severity Vulnerability in Iconics Suite SCADA Systems Exposes Critical Infrastructure to DoS Attacks A medium-severity vulnerability (CVE-2025-0921) in Mitsubishi Electric’s Iconics Suite SCADA system has been identified, enabling attackers to trigger denial-of-service (DoS) conditions on industrial control systems (ICS). The flaw, discovered by Unit 42 researchers Asher Davila and Malav Vyas in early 2024, affects GENESIS64, MC Works64, and GENESIS version 11.00 software widely deployed in automotive, energy, manufacturing, and critical infrastructure sectors across over 100 countries. The vulnerability stems from an execution-with-unnecessary-privileges weakness in the Pager Agent component of AlarmWorX64 MMX, the alarm management system within the Iconics Suite. With a CVSS score of 6.5, exploitation allows attackers with local access to manipulate the `SMSLogFile` path in the `IcoSetup64.ini` configuration file, redirecting log writes to overwrite critical system drivers like `cng.sys`. Upon reboot, the corrupted driver forces an endless repair loop, rendering OT workstations inoperable. Exploitation is facilitated when combined with CVE-2024-7587, a prior vulnerability granting excessive permissions to the `C:\ProgramData\ICONICS` directory. However, the flaw can also be exploited independently if log files are writable due to misconfigurations or other attack vectors. Mitsubishi Electric has released patches for GENESIS version 11.01 and later, with fixes for GENESIS64 pending. No patches are planned for MC Works64, leaving users to implement mitigations. The vulnerability is one of six identified in Iconics Suite versions 10.97.2 and earlier, underscoring ongoing risks to SCADA systems in high-stakes environments.

Mitsubishi Electric Corp. has again been hit by a massive cyberattack that has resulted in the leaking of information related to its business partners. An improved cybersecurity system was supposed to have been installed after Mitsubishi Electric, a manufacturer of defense equipment, infrastructure and electrical equipment, was targeted. Mitsubishi Electric strengthened access restrictions to its computer network and created a new department reporting directly to the company president to implement new cybersecurity measures. Because the latest attack again targeted a company playing a major role in supporting Japan’s national security and infrastructure, the cyberattack was likely engineered by a group with advanced hacking skills.

Mitsubishi Electric, one of the world's largest electronics and electrical equipment manufacturing firms, was hit by a major security breach. Chinese-linked cyber-espionage group named Tick (or Bronze Butler) is the primary suspect. The intrusion was detected after Mitsubishi Electric staff found a suspicious file on one of the company's servers. The intrusion was later tracked to a compromised employee account. Hackers escalated their access from this initial entry point to Mitsubishi Electric's internal systems, gaining access to the networks of around 14 company departments, such as sales and the head administrative office. Hackers stole sensitive data from the company's internal network. Hackers compromised tens of PCs and servers in Japan and overseas from where they stole around 200 MB of files, mostly business documents.