Mitsubishi Electric GENESIS64 and ICONICS Suite products
Summary
Multiple vulnerabilities have been identified in Mitsubishi Electric GENESIS64 and ICONICS Suite products, allowing local attackers to access SQL Server credentials stored in plaintext. Successful exploitation could lead to data disclosure, tampering, destruction, or denial-of-service conditions.
IFF Assessment
The vulnerabilities allow attackers to access sensitive credentials and potentially disrupt critical operational technology systems, posing a significant threat to operational integrity and data security.
Severity
The CVSS score of 8.8 reflects the critical severity of the vulnerabilities, primarily due to the Cleartext Storage of Sensitive Information (CWE 312) which enables a local attacker to gain elevated privileges and impact system availability and data confidentiality.
Defender Context
Defenders should prioritize patching or mitigating these vulnerabilities in industrial control systems that utilize Mitsubishi Electric's affected products. Organizations must also review their credential management practices and consider implementing enhanced monitoring for unusual access patterns to SQL databases within their OT environments.