Local Authenticated Attacker Can Execute Malicious Code in ICONICS GENESIS64
CVE-2024-8299

7.8HIGH

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Genesis64; Mc Works64
Vendor: CVE Published:; 28 November 2024

🔔 Create Mitsubishi Electric Corporation Vulnerability Alert

What is CVE-2024-8299?

The vulnerability allows an authenticated local attacker to execute arbitrary code by placing a specially crafted DLL in a designated folder, potentially leading to data disclosure, modification, destruction, or denial of service within the affected products. The instances involve both ICONICS and Mitsubishi Electric's GENESIS64 and MC Works64 platforms, emphasizing the necessity for review and remediation to secure systems against exploitation.

Affected Version(s)

GENESIS64 all versions

MC Works64 all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

vendor-advisory

https://jvn.jp/vu/JVNVU93891820

government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...

government-resource

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024

Credit

Asher Davila of Palo Alto Networks

Malav Vyas of Palo Alto Networks