CVE-2024-8300
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 | Version 10.97.2 | affected |
| Mitsubishi Electric Corporation | GENESIS64 | Version 10.97.2 CFR1 | affected |
| Mitsubishi Electric Corporation | GENESIS64 | Version 10.97.2 CRF2 | affected |
| Mitsubishi Electric Corporation | GENESIS64 | Version 10.97.3 | affected |
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Version 10.97.2 | affected |
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Version 10.97.2 CFR1 | affected |
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Version 10.97.2 CRF2 | affected |
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Version 10.97.3 | affected |
| Mitsubishi Electric Corporation | ICONICS Suite | Version 10.97.2 | affected |
| Mitsubishi Electric Corporation | ICONICS Suite | Version 10.97.2 CFR1 | affected |
| Mitsubishi Electric Corporation | ICONICS Suite | Version 10.97.2 CRF2 | affected |
| Mitsubishi Electric Corporation | ICONICS Suite | Version 10.97.3 | affected |
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Version 10.97.2 | affected |
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Version 10.97.2 CFR1 | affected |
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Version 10.97.2 CRF2 | affected |
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Version 10.97.3 | affected |
Weaknesses
- CWE-561: CWE-561 Dead Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf
- https://jvn.jp/vu/JVNVU93891820
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.