Uncontrolled Search Path Element Vulnerability in ICONICS GENESIS64
CVE-2024-9852

7.8HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Mc Works64
Iconics Suite
Genesis32
Vendor
CVE Published:
28 November 2024

What is CVE-2024-9852?

The uncontrolled search path element vulnerability in the ICONICS GENESIS64 and Mitsubishi Electric product lines allows a local authenticated attacker to exploit the system by placing a specially crafted DLL into a designated folder. This exploitation can lead to unauthorized execution of malicious code, potentially allowing the attacker to disclose sensitive information, tamper with data, or disrupt operations, resulting in denial of service (DoS) conditions. Organizations utilizing these products should take immediate steps to assess their security posture and mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GENESIS32 all versions

GENESIS32 all versions

GENESIS64 all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU93891820
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...
government-resource

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Asher Davila of Palo Alto Networks
Malav Vyas of Palo Alto Networks
JSON
.