SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations - CyberSecurityNews

Home Cyber Security News SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across automotive, energy, and manufacturing sectors. Vulnerability Overview CVE-2025-0921 stems from an execution-with-unnecessary-privileges weakness in multiple services within Mitsubishi Electric Iconics Digital Solutions GENESIS64. The vulnerability has a CVSS score of 6.5, which is classified as medium severity. Successful exploitation enables attackers to misuse privileged file system operations to elevate privileges and corrupt critical system binaries, ultimately compromising system integrity and availability. CVE Identifier Vulnerability Description CVSS Score CVE-2025-0921 Execution with unnecessary privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 6.5 (Medium) The vulnerability was discovered during a comprehensive security assessment conducted by Unit 42 researchers Asher Davila and Malav Vyas in early 2024. This finding represents one of six vulnerabilities identified in Iconics Suite versions 10.97.2 and earlier for Microsoft Windows platforms. The researchers previously disclosed five related vulnerabilities affecting the same SCADA platform, with CVE-2025-0921 emerging as an additional threat during their investigation. Permissions of GraphWorX64(source: paloaltonetworks) According to Mitsubishi Electric’s security advisory, the vulnerability impacts all versions of GENESIS64, MC Works64, and GENESIS version 11.00. Iconics Suite maintains hundreds of thousands of installations across more than 100 countries, spanning critical infrastructure sectors such as government facilities, military installations, water and wastewater treatment plants, utilities, and energy providers. Technical Exploitation Details The vulnerability resides in the Pager Agent component of AlarmWorX64 MMX, the alarm management system that monitors industrial processes. Attackers with local access can exploit the flaw by manipulating the SMSLogFile path configuration stored in the IcoSetup64.ini file located in the C:\ProgramData\ICONICS directory. newly altered cng.sys file created by the exploit(source:PaloAltonetwork) The attack chain involves creating symbolic links from the log file location to target system binaries. When administrators send test messages or the system automatically triggers alerts, logging information follows the symbolic link and overwrites critical drivers such as cng.sys, which provides cryptographic services for Windows system components. Upon system reboot, the corrupted driver causes boot failures, trapping the machine in an endless repair loop and rendering the OT engineering workstation inoperable. Endless Windows boot loop caused by the corrupted driver (source: paloaltonetworks) Researchers demonstrated that exploitation becomes significantly easier when combined with CVE-2024-7587, a previously disclosed vulnerability in the GenBroker32 installer that grants excessive permissions to the C:\ProgramData\ICONICS directory, allowing any local user to modify critical configuration files. However, attackers could still exploit CVE-2025-0921 independently if log files become writable due to misconfiguration, other vulnerabilities, or social engineering. Mitsubishi Electric has released patches for GENESIS version 11.01 and later, which customers can download from the Iconics Community Resource Center. For GENESIS64 users, a fixed version is currently under development and will be released in the near future. The vendor has indicated no plans to release patches for MC Works64, requiring customers to implement mitigations in the meantime. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News Attackers Turn QEMU Into a Stealth Backdoor for Credential Theft and Ransomware Cyber Security News New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT Cyber Security News Microsoft Teams Desktop Client Faces Launch Failures After Update Triggers Caching Regression Top 10 Top 10 Best User Access Management Tools in 2026 April 4, 2026 Top 10 Best VPN For Chrome in 2026 April 4, 2026 20 Best Application Performance Monitoring Tools in 2026 April 3, 2026 Top 10 Best VPN For Linux In 2026 April 3, 2026 10 Best VPN For Privacy In 2026 April 2, 2026