Incorrect Default Permissions Vulnerability in ICONICS GENESIS64
CVE-2024-7587

7.8HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Mc Works64
Iconics Suite
Genesis32
Vendor
CVE Published:
22 October 2024

What is CVE-2024-7587?

An incorrect default permissions vulnerability exists in the GenBroker32 component, included with installers of ICONICS GENESIS64 and Mitsubishi Electric MC Works64. This vulnerability allows local authenticated attackers the potential to access confidential information or disrupt normal operations by exploiting improper folder permissions. If GenBroker32 is installed on the same PC as GENESIS64 or MC Works64, this access can lead to data disclosure, tampering, or even a denial of service (DoS) condition, thereby jeopardizing the integrity and availability of the affected products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GENESIS32 Versions 9.70.300.23 and prior

GENESIS32 Versions 9.70.300.23 and prior

GENESIS64 Versions 10.97.3 and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU95548104
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...
government-resource

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.