medium Code Vulnerability
CISA ICS Advisory: Mitsubishi/ICONICS SQL Credentials in Cleartext
| CVE | CVE-2025-14815 |
| Severity | medium |
| Status | open |
| Date | April 7, 2026 |
| Affects | Mitsubishi Electric GENESIS64 / ICONICS Suite (versions up to 10.97.3) |
| Source | www.cisa.gov |
Details
SQL Server credentials stored in cleartext when using local caching (SQLite) or Hyper Historian Splitter with SQL auth. Critical manufacturing sector, worldwide deployment. Fix: upgrade to 10.98+.