Inclusion of Functionality Vulnerability in ICONICS GENESIS64 and Mitsubishi Electric MC Works64
CVE-2022-33317

7.8HIGH

Key Information:

Vendor: Iconics
Status: Iconics Genesis64; Mitsubishi Electric Mc Works64
Vendor: CVE Published:; 20 July 2022

What is CVE-2022-33317?

This vulnerability allows unauthenticated attackers to execute arbitrary malicious code in ICONICS GENESIS64 versions 10.97.1 and earlier, as well as Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and earlier. By enticing a user to load a malicious monitoring screen file containing harmful script codes, attackers can exploit this flaw, leading to potential unauthorized access and control over the affected systems.

Affected Version(s)

ICONICS GENESIS64; Mitsubishi Electric MC Works64 ICONICS GENESIS64 versions 10.97.1 and prior

ICONICS GENESIS64; Mitsubishi Electric MC Works64 Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

x_refsource_MISC

https://jvn.jp/vu/JVNVU96480474/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2022
Vulnerability Reserved
Jun 14, 2022

Iconics

What is CVE-2022-33317?

Affected Version(s)

References

CVSS V3.1

Timeline