Possible Local Authenticated Attack leading to Information Disclosure or Denial of Service
CVE-2024-8300

7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Iconics Suite
Vendor
CVE Published:
28 November 2024

What is CVE-2024-8300?

A dead code vulnerability has been identified in the GENESIS64 software from both ICONICS and Mitsubishi Electric that impacts several versions. This issue allows local authenticated attackers to execute malicious code by manipulating a specially crafted Dynamic Link Library (DLL). Exploitation of this vulnerability could lead to unauthorized disclosure of information, tampering, destruction, or deletion of data. Furthermore, the vulnerability poses a risk of causing denial of service conditions on the affected products, potentially disrupting normal operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GENESIS64 Version 10.97.2

GENESIS64 Version 10.97.2 CFR1

GENESIS64 Version 10.97.2 CRF2

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU93891820
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...
government-resource

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Asher Davila of Palo Alto Networks
Malav Vyas of Palo Alto Networks
JSON
.