CVE-2025-11774: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Mitsubishi Electric Corporation GENESIS64
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE.
AI Analysis
Technical Summary
CVE-2025-11774 is an OS command injection vulnerability (CWE-78) affecting Mitsubishi Electric Corporation's GENESIS64 software suite and related products, including Iconics Digital Solutions GENESIS64, ICONICS Suite, MobileHMI, and MC Works64. The vulnerability resides in the keypad function, which improperly neutralizes special elements used in OS commands. An attacker with local access can tamper with the configuration file associated with the keypad function so that arbitrary executable files (EXE) run on the host system when a legitimate user uses the keypad function. The flaw arises because the software fails to adequately sanitize or validate inputs that are incorporated into OS command execution contexts.

Exploitation requires limited privileges (PR:L) and user interaction (UI:R), and the scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially compromised component. The CVSS v3.1 base score is 8.2, reflecting high impact on confidentiality, integrity, and availability (all rated high). Potential consequences include unauthorized disclosure of sensitive information, modification or deletion of critical data, and denial-of-service conditions caused by execution of the attacker's executable.

The vulnerability affects versions 10.97.2 CFR3 and prior of GENESIS64, ICONICS Suite, and MobileHMI, and all versions of MC Works64, with no patches currently linked or publicly available. Although no known exploits are reported in the wild, the vulnerability poses a significant risk because the affected systems are commonly used in industrial automation and building management environments.
Potential Impact
For European organizations, this vulnerability presents a substantial risk, especially for those operating critical infrastructure, manufacturing plants, or building automation systems relying on Mitsubishi Electric GENESIS64 and related products. Successful exploitation could lead to unauthorized control over industrial processes, data breaches involving sensitive operational information, and disruption of services through denial-of-service attacks. The ability to execute arbitrary code locally could allow attackers to pivot within networks, escalate privileges, and compromise additional systems. Given the prevalence of Mitsubishi Electric automation solutions in Europe’s industrial sector, the potential for operational downtime, financial loss, regulatory non-compliance, and reputational damage is significant. Moreover, disruption in critical sectors such as energy, manufacturing, and transportation could have broader societal impacts. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where insider threats or compromised credentials are possible.
Mitigation Recommendations
European organizations should implement a multi-layered mitigation strategy:
1) Restrict local access to systems running GENESIS64 and related products by enforcing strict access controls and monitoring physical and remote login attempts.
2) Audit and harden configuration files related to the keypad function to prevent unauthorized modifications; implement file integrity monitoring to detect tampering.
3) Apply vendor patches promptly once available; engage with Mitsubishi Electric support channels to obtain early updates or workarounds.
4) Employ application whitelisting to restrict execution of unauthorized executables on affected systems.
5) Conduct user training to reduce risky interactions that could facilitate exploitation.
6) Monitor system logs and network traffic for anomalous behavior indicative of exploitation attempts, particularly around keypad function usage.
7) Segment industrial control networks to limit lateral movement in case of compromise.
8) Consider deploying endpoint detection and response (EDR) solutions tailored for industrial environments to detect and respond to suspicious activities quickly.
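Recommendation 2 (file integrity monitoring for the keypad configuration file), sketched as an added Python example that is not part of the advisory or any vendor tooling. The file name and key are placeholders because the page does not name the configuration file; the baseline carries an HMAC tag because the attacker described here is local and could otherwise rewrite an unprotected baseline along with the file.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(paths):
    """Map each path to its SHA-256 hex digest, or None if the file is absent."""
    snap = {}
    for p in paths:
        try:
            with open(p, "rb") as f:
                snap[p] = hashlib.sha256(f.read()).hexdigest()
        except FileNotFoundError:
            snap[p] = None
    return snap

def seal(snap, key):
    """Serialize a snapshot with an HMAC tag so the baseline is tamper-evident."""
    body = json.dumps(snap, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})

def verify(sealed, key):
    """Compare current file state with a sealed baseline; return findings."""
    doc = json.loads(sealed)
    expect = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, doc["tag"]):
        return ["BASELINE_TAMPERED"]  # do not trust digests from a forged baseline
    base = json.loads(doc["body"])
    now = snapshot(base)
    findings = []
    for path, digest in base.items():
        if digest is not None and now[path] is None:
            findings.append(f"MISSING {path}")
        elif now[path] != digest:
            findings.append(f"MODIFIED {path}")
    return findings

def demo():
    """Constructed scenario: a stand-in config file is baselined, then edited."""
    key = b"constructed-demo-key"  # assumption: real key is kept off the HMI host
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "keypad-config.placeholder")  # hypothetical name
        with open(cfg, "w") as f:
            f.write("constructed baseline content\n")
        sealed = seal(snapshot([cfg]), key)
        clean = verify(sealed, key)
        with open(cfg, "a") as f:
            f.write("constructed unauthorized edit\n")
        changed = verify(sealed, key)
        forged = verify(seal(snapshot([cfg]), b"other-key"), key)
    return cfg, clean, changed, forged
```

Run `verify` on a schedule and before operator sessions, and forward any non-empty result to the monitoring described in recommendation 6.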
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2025-10-15T02:40:54.345Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69449f434eb3efac36bb56a2
Added to database: 12/19/2025, 12:41:39 AM
Last enriched: 12/19/2025, 12:56:38 AM
Last updated: 12/19/2025, 7:47:12 AM