{"id":10293,"date":"2026-01-31T10:03:48","date_gmt":"2026-01-31T10:03:48","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/01\/31\/scada-vulnerability-triggers-dos-potentially-disrupting-industrial-operations\/"},"modified":"2026-01-31T10:03:48","modified_gmt":"2026-01-31T10:03:48","slug":"scada-vulnerability-triggers-dos-potentially-disrupting-industrial-operations","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/01\/31\/scada-vulnerability-triggers-dos-potentially-disrupting-industrial-operations\/","title":{"rendered":"SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations"},"content":{"rendered":"

SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service <\/a>conditions on critical industrial control systems. <\/p>\n

The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across automotive, energy, and manufacturing sectors.<\/p>\n

Vulnerability Overview<\/strong><\/h2>\n

CVE-2025-0921 stems from an execution-with-unnecessary-privileges weakness in multiple services within Mitsubishi Electric Iconics Digital Solutions GENESIS64. <\/p>\n

The vulnerability has a CVSS score of 6.5, which is classified as medium severity. Successful exploitation enables attackers to misuse privileged file system operations to elevate privileges and corrupt critical system binaries, ultimately compromising system integrity and availability.<\/p>\n

\n\n\n\n\n\n
CVE Identifier<\/strong><\/th>\nVulnerability Description<\/strong><\/th>\nCVSS Score<\/strong><\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-0921<\/td>\nExecution with unnecessary privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64<\/td>\n6.5 (Medium)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

The vulnerability was discovered <\/a>during a comprehensive security assessment conducted by Unit 42 researchers Asher Davila and Malav Vyas in early 2024. <\/p>\n

This finding represents one of six vulnerabilities identified in Iconics Suite versions 10.97.2 and earlier for Microsoft Windows platforms. <\/p>\n

The researchers previously disclosed five related vulnerabilities affecting the same SCADA platform, with CVE-2025-0921 emerging as an additional threat during their investigation.<\/p>\n

\"Permissions
Permissions of GraphWorX64(source: paloaltonetworks)<\/figcaption><\/figure>\n

According to Mitsubishi Electric\u2019s security advisory, the vulnerability impacts all versions of GENESIS64, MC Works64, and GENESIS version 11.00. <\/p>\n

Iconics Suite maintains hundreds of thousands of installations across more than 100 countries, spanning critical infrastructure sectors such as government facilities, military installations, water and wastewater treatment plants, utilities, and energy providers.<\/p>\n

Technical Exploitation Details<\/strong><\/h2>\n

The vulnerability resides in the Pager Agent component of AlarmWorX64 MMX, the alarm management system <\/a>that monitors industrial processes. <\/p>\n

Attackers with local access can exploit the flaw by manipulating the SMSLogFile path configuration stored in the IcoSetup64.ini file located in the C:ProgramDataICONICS directory.<\/p>\n

\"newly
newly altered\u00a0cng.sys\u00a0file created by the exploit(source:PaloAltonetwork) <\/figcaption><\/figure>\n

The attack chain involves creating symbolic links from the log file location to target system binaries. <\/p>\n

When administrators send test messages or the system automatically triggers alerts, logging information follows the symbolic link and overwrites critical drivers such as cng.sys, which provides cryptographic services for Windows system <\/a>components. <\/p>\n

Upon system reboot, the corrupted driver causes boot failures, trapping the machine in an endless repair loop and rendering the OT engineering workstation inoperable.<\/p>\n

\"Endless
Endless Windows boot loop caused by the corrupted driver (source: paloaltonetworks)<\/figcaption><\/figure>\n

Researchers demonstrated that exploitation becomes significantly easier when combined with CVE-2024-7587, a previously disclosed vulnerability in the GenBroker32 installer that grants excessive permissions to the C:ProgramDataICONICS directory, allowing any local user to modify critical configuration files. <\/p>\n

However, attackers could still exploit CVE-2025-0921 independently if log files become writable due to misconfiguration, other vulnerabilities, or social engineering<\/a>.<\/p>\n

Mitsubishi Electric has released patches for GENESIS version 11.01 and later, which customers can download from the Iconics Community Resource Center. <\/p>\n

For GENESIS64 users, a fixed version is currently under development and will be released in the near future. The vendor has indicated no plans to release patches for MC Works64, requiring customers to implement mitigations in the meantime.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Dhivya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across automotive, energy, and manufacturing sectors. Vulnerability Overview CVE-2025-0921 stems from […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,1198,1438,416,131],"tags":[130],"class_list":["post-10293","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-dos","category-dos-attack","category-vulnerabilities","category-vulnerability","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10293"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10293"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10293\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}