CVE-2025-11774 Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64

🗓️ 19 Dec 2025 00:22:03Reported by MitsubishiType

OS command injection in the software keypad allows local attacker to run arbitrary EXE via config tampering, risking data loss.

Reporter	Title	Published	Views	Family All 8
CNNVD	Mitsubishi Electric多款产品操作系统命令注入漏洞	19 Dec 202500:00	–	cnnvd
CVE	CVE-2025-11774	19 Dec 202500:22	–	cve
EUVD	EUVD-2025-204434	19 Dec 202503:31	–	euvd
ICS	Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics Products	18 Dec 202507:00	–	ics
NVD	CVE-2025-11774	19 Dec 202501:16	–	nvd
Positive Technologies	PT-2025-52394	19 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11774	20 Dec 202501:10	–	redhatcve
Vulnrichment	CVE-2025-11774 Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64	19 Dec 202500:22	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "GENESIS64",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GENESIS64",
    "vendor": "Mitsubishi Electric Iconics Digital Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ICONICS Suite",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ICONICS Suite",
    "vendor": "Mitsubishi Electric Iconics Digital Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MobileHMI",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MobileHMI",
    "vendor": "Mitsubishi Electric Iconics Digital Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MC Works64",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/vu/JVNVU97729686/
mitsubishielectric	www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-018_en.pdf

19 Dec 2025 00:22Current

CVSS 3.18.2

EPSS0.00492

CWE-78