We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-9852

Malicious Code Execution Vulnerability in GENESIS64 and MC Works64



Description

Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

Reserved 2024-10-11 | Published 2024-11-28 | Updated 2024-12-06 | Assigner Mitsubishi


HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

all versions
affected

Default status
unaffected

all versions
affected

Default status
unaffected

all versions
affected

Credits

Asher Davila of Palo Alto Networks finder

Malav Vyas of Palo Alto Networks finder

References

www.mitsubishielectric.com/...nerability/pdf/2024-010_en.pdf vendor-advisory

jvn.jp/vu/JVNVU93891820 government-resource

www.cisa.gov/news-events/ics-advisories/icsa-24-338-04 government-resource

cve.org (CVE-2024-9852)

nvd.nist.gov (CVE-2024-9852)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-9852

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.