CVE-2025-0921: CWE-250 Execution with Unnecessary Privileges in Mitsubishi Electric Corporation GENESIS64

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-0921, cve, cve-2025-0921, cwe-250
Published: Thu May 15 2025 (05/15/2025, 22:36:37 UTC)
Source: CVE
Vendor/Project: Mitsubishi Electric Corporation
Product: GENESIS64

Description

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

AI-Powered Analysis

Last updated: 08/07/2025, 00:42:10 UTC

Technical Analysis

CVE-2025-0921 is a vulnerability classified under CWE-250 (Execution with Unnecessary Privileges) affecting multiple Mitsubishi Electric Corporation products, including GENESIS64 (all versions), GENESIS version 11.00, and MC Works64 (all versions). The vulnerability arises because certain services within these products run with elevated privileges they do not need, which lets a local authenticated attacker abuse symbolic link (symlink) creation. Specifically, the attacker can create a symlink from a file that the vulnerable service writes to, redirecting the write operation to an arbitrary target file. This unauthorized write capability can lead to the destruction or corruption of critical files on the affected PC. Since these files may be essential for the proper operation of the system or the industrial control software, their destruction can cause a denial-of-service (DoS) condition, disrupting operations on the affected machine. The vulnerability requires local authentication, meaning the attacker must have some level of access to the system, but does not require user interaction beyond that. The CVSS v3.1 base score is 6.5 (medium severity), reflecting a local attack vector, low attack complexity, low privileges required, no user interaction, and a changed scope, with an impact on integrity but none on confidentiality or availability. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may currently rely on compensating controls or vendor updates once available.

Potential Impact

For European organizations, particularly those in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure that rely on Mitsubishi Electric's GENESIS64 and related SCADA/HMI software, this vulnerability poses a significant operational risk. The ability for a local attacker to corrupt or destroy critical files can lead to system downtime, loss of control over industrial processes, and potential safety hazards. Disruption of industrial control systems can have cascading effects, including production halts, financial losses, and regulatory compliance issues under frameworks like NIS2 and GDPR if operational disruptions affect personal data processing or critical services. The requirement for local authentication limits remote exploitation but does not eliminate risk, as insider threats or attackers who gain initial footholds via other means could leverage this vulnerability to escalate damage. The integrity impact is high, as unauthorized file writes can alter system behavior or disable critical functions. Although availability impact is not directly indicated, the resulting DoS condition can effectively cause operational unavailability. Confidentiality impact is not significant in this case. Overall, European organizations using these Mitsubishi Electric products should consider this vulnerability a medium to high operational risk due to its potential to disrupt critical industrial processes.

Mitigation Recommendations

1. Restrict local access: Limit the number of users with local authenticated access to systems running GENESIS64 and related products. Implement strict access controls and monitoring to detect unauthorized local logins.
2. Apply principle of least privilege: Ensure that services and users operate with the minimum necessary privileges. Review and harden service account permissions to prevent unnecessary write capabilities.
3. Monitor for symlink creation: Deploy file integrity monitoring and endpoint detection tools capable of identifying suspicious symbolic link creation or manipulation in directories used by GENESIS64 services.
4. Network segmentation: Isolate industrial control systems from general IT networks to reduce the risk of attackers gaining local access.
5. Vendor updates: Stay in close contact with Mitsubishi Electric for patches or updates addressing CVE-2025-0921 and apply them promptly once available.
6. Incident response readiness: Prepare to respond to potential DoS conditions caused by file corruption, including backup and recovery plans for critical files and systems.
7. Audit and logging: Enable detailed logging of file operations and service activities to facilitate forensic analysis if exploitation is suspected.

These measures go beyond generic advice by focusing on controlling local access, monitoring specific attack vectors (symlink abuse), and preparing operational continuity plans tailored to industrial control environments.
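
One way to implement the symlink check in recommendation 3, as an added example that is not vendor code or part of the original analysis. The function names are hypothetical, and the audited directory is an assumption: the page does not list the paths GENESIS64 services write to, so the demo runs over a constructed temporary tree.

```python
import os
import stat
import tempfile
from pathlib import Path

def is_link_like(path):
    """True for symlinks and, on Windows, any reparse point (junctions included)."""
    st = os.lstat(path)  # lstat inspects the entry itself, never its target
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def audit_links(root):
    """Walk root without following links and report every link-like entry."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not is_link_like(path):
                continue
            target = os.path.realpath(path)
            try:
                inside = os.path.commonpath([root_real, target]) == root_real
            except ValueError:  # e.g. target on a different Windows drive
                inside = False
            findings.append({"path": path, "target": target, "escapes_root": not inside})
    return findings

def demo():
    """Constructed tree: one link leaving the audited root, one staying inside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, outside = Path(tmp, "service_data"), Path(tmp, "elsewhere")
        (root / "logs").mkdir(parents=True)
        outside.mkdir()
        (outside / "important.cfg").write_text("keep me")
        (root / "logs" / "service.log").write_text("normal file")
        os.symlink(outside / "important.cfg", root / "logs" / "trace.log")
        os.symlink(root / "logs", root / "current", target_is_directory=True)
        return {Path(f["path"]).relative_to(root).as_posix(): f["escapes_root"]
                for f in audit_links(root)}

if __name__ == "__main__":
    # Real use: call audit_links() on each directory the services write to
    # (paths not given on the page) and alert on escapes_root findings.
    print(demo())
```

Findings with `escapes_root` set are the ones to triage first, since they redirect a service write to a location outside the directory being watched.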


Technical Details

Data Version: 5.1
Assigner Short Name: Mitsubishi
Date Reserved: 2025-01-31T01:50:57.976Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebed2

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 8/7/2025, 12:42:10 AM

Last updated: 8/13/2025, 12:34:30 AM
