Incorrect Default Permissions Vulnerability Affects MELIPC Series MI5122-VW Firmware Versions 05-07
CVE-2024-3904

8.8HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melipc Series Mi5122-vw
Vendor
CVE Published:
4 July 2024

What is CVE-2024-3904?

An Incorrect Default Permissions vulnerability exists in the Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions 05 through 07. This vulnerability allows a local attacker to execute arbitrary code by saving a malicious file in a targeted directory. The exploitation of this vulnerability can lead to unauthorized disclosure, modification, destruction, or deletion of sensitive information within the device. Furthermore, it may result in a denial-of-service condition, thereby impacting the operational capability of the product.

Affected Version(s)

MELIPC Series MI5122-VW Firmware versions "05" to "07"

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU91215350/index.html
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...
government-resource

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.