Possible Local Authenticated Attack leading to Information Disclosure or Denial of Service
CVE-2024-8300

7HIGH

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Genesis64
Vendor: CVE Published:; 28 November 2024

🔔 Create Mitsubishi Electric Corporation Vulnerability Alert

What is CVE-2024-8300?

A dead code vulnerability has been identified in the GENESIS64 software from both ICONICS and Mitsubishi Electric that impacts several versions. This issue allows local authenticated attackers to execute malicious code by manipulating a specially crafted Dynamic Link Library (DLL). Exploitation of this vulnerability could lead to unauthorized disclosure of information, tampering, destruction, or deletion of data. Furthermore, the vulnerability poses a risk of causing denial of service conditions on the affected products, potentially disrupting normal operations.

Affected Version(s)

GENESIS64 Version 10.97.2

GENESIS64 10.97.2 CFR1

GENESIS64 10.97.2 CRF2

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

vendor-advisory

https://jvn.jp/vu/JVNVU93891820

government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...

government-resource

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024

Credit

Asher Davila of Palo Alto Networks

Malav Vyas of Palo Alto Networks