Cleartext Storage Vulnerability in Mitsubishi Electric Products
CVE-2025-14816

9.3CRITICAL

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Iconics Suite
Mobilehmi
Hyper Historian
Vendor
CVE Published:
8 April 2026

What is CVE-2025-14816?

A vulnerability in Mitsubishi Electric products allows local attackers to view SQL Server credentials in plain text through the GUI of the Hyper Historian Splitter feature. When SQL authentication is used, this exposure enables unauthorized access to the SQL Server, putting sensitive data at risk of disclosure, tampering, or destruction, and potentially causing denial-of-service conditions.

Affected Version(s)

AnalytiX versions 10.97.3 and prior

AnalytiX versions 10.97.3 and prior

GENESIS versions 11.02 and prior

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...
government-resource
https://jvn.jp/vu/JVNVU90646130/
government-resource

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.