THE Unit 42 report identifies a privileged file system operations vulnerability in Iconics Suite, tracked as CVE-2025-0921, with a Medium CVSS score of 6.5, which could allow attackers to elevate privileges and corrupt critical binaries on a SCADA system. It notes that attackers could misuse privileged file system operations to disrupt availability and integrity, potentially causing a DoS condition in the SCADA setup.
The analysis describes a vulnerability chain that leverages CVE-2024-7587, which grants excessive permissions in the GenBroker32 installer, making the C:\\ProgramData\\ICONICS directory writable and enabling manipulation of the SMSLogFile path stored in IcoSetup64[.]ini. Exploitation steps include creating a symbolic link from the SMSLogFile location to a targeted binary such as cng[.]sys, which PagerCfg[.]exe would then overwrite, ultimately producing a boot-time failure and a DoS in an OT engineering workstation.
The article credits the discovery to Unit 42’s assessment in collaboration with the Iconics security team and, according to Mitsubishi Electric Corporation, includes an advisory with mitigations to address the issue. Published: 30 January 2026.