6.5

CVE-2025-0921

EPSS 0.07%
Veröffentlicht 15.05.2025 22:36:37
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMitsubishi Electric Corporation

≫

Produkt GENESIS64

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt ICONICS Suite

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt MobileHMI

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt Hyper Historian

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt AnalytiX

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt IoTWorX

Default Statusunaffected

Version version 10.95

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GENESIS32

Default Statusunaffected

Version all versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt BizViz

Default Statusunaffected

Version all versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt MC Works64

Default Statusunaffected

Version all versions

Status affected

HerstellerMitsubishi Electric Corporation

≫

Produkt GENESIS

Default Statusunaffected

Version version 11.00

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt GENESIS64

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt ICONICS Suite

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt MobileHMI

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt Hyper Historian

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt AnalytiX

Default Statusunaffected

Version versions 10.97.3 and prior

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt IoTWorX

Default Statusunaffected

Version version 10.95

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt GENESIS32

Default Statusunaffected

Version all versions

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt BizViz

Default Statusunaffected

Version all versions

Status affected

HerstellerMitsubishi Electric Iconics Digital Solutions

≫

Produkt GENESIS

Default Statusunaffected

Version version 11.00

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.205

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://jvn.jp/vu/JVNVU93838985

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04

https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf

https://nvd.nist.gov/vuln/detail/CVE-2025-0921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0921

EUVD