Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for GENESIS32 by Mitsubishi Electric Iconics Digital Solutions

    CVE-2025-0921 (GCVE-0-2025-0921)

    Vulnerability from nvd – Published: 2025-05-15 22:36 – Updated: 2026-04-13 23:06
    VLAI
    Title
    Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz
    Summary
    Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation BizViz Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS Affected: version 11.00
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: version 11.00
    Create a notification for this product.
    Credits
    Asher Davila from Palo Alto Networks Malav Vyas from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-16T13:21:49.388730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-16T13:21:55.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila from Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas from Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
                }
              ],
              "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T23:06:00.161Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93838985"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-0921",
        "datePublished": "2025-05-15T22:36:37.902Z",
        "dateReserved": "2025-01-31T01:50:57.976Z",
        "dateUpdated": "2026-04-13T23:06:00.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9852 (GCVE-0-2024-9852)

    Vulnerability from nvd – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:39:20.927830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:43:35.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:38:42.201Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-9852",
        "datePublished": "2024-11-28T22:20:28.303Z",
        "dateReserved": "2024-10-11T01:20:49.722Z",
        "dateUpdated": "2026-04-08T13:38:42.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8299 (GCVE-0-2024-8299)

    Vulnerability from nvd – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T16:37:52.677330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T16:40:42.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:35:35.670Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8299",
        "datePublished": "2024-11-28T22:16:31.396Z",
        "dateReserved": "2024-08-29T06:26:34.979Z",
        "dateUpdated": "2026-04-08T13:35:35.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7587 (GCVE-0-2024-7587)

    Vulnerability from nvd – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46
    VLAI
    Title
    Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
    Summary
    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "10.97.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:49.960141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:50:04.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:46:11.126Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95548104"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-7587",
        "datePublished": "2024-10-22T22:19:20.646Z",
        "dateReserved": "2024-08-07T08:06:04.877Z",
        "dateUpdated": "2026-01-09T05:46:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1574 (GCVE-0-2024-1574)

    Vulnerability from nvd – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
    VLAI
    Summary
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:44:19.238774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:45:36.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:31:05.753Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1574",
        "datePublished": "2024-07-04T09:02:35.260Z",
        "dateReserved": "2024-02-16T01:30:45.960Z",
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1182 (GCVE-0-2024-1182)

    Vulnerability from nvd – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28
    VLAI
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:23:47.078975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:25:49.496Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:28:11.189Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1182",
        "datePublished": "2024-07-04T08:53:41.217Z",
        "dateReserved": "2024-02-02T00:20:48.886Z",
        "dateUpdated": "2026-04-08T13:28:11.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-33319 (GCVE-0-2022-33319)

    Vulnerability from nvd – Published: 2022-07-20 16:58 – Updated: 2026-01-09 05:14
    VLAI
    Summary
    Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:21.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.04E and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
                }
              ],
              "value": "Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:14:32.690Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-33319",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior"
                              },
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU96480474/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-33319",
        "datePublished": "2022-07-20T16:58:49.000Z",
        "dateReserved": "2022-06-14T00:00:00.000Z",
        "dateUpdated": "2026-01-09T05:14:32.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-33318 (GCVE-0-2022-33318)

    Vulnerability from nvd – Published: 2022-07-20 16:57 – Updated: 2026-01-09 05:12
    VLAI
    Summary
    Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:21.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.04E and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:12:41.871Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-33318",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior"
                              },
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU96480474/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-33318",
        "datePublished": "2022-07-20T16:57:38.000Z",
        "dateReserved": "2022-06-14T00:00:00.000Z",
        "dateUpdated": "2026-01-09T05:12:41.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-23130 (GCVE-0-2022-23130)

    Vulnerability from nvd – Published: 2022-01-21 18:17 – Updated: 2026-01-08 11:45
    VLAI
    Summary
    Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.00A to 4.04E"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T11:45:13.985Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-23130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
                              },
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97 and prior"
                              },
                              {
                                "version_value": "ICONICS Hyper Historian versions 10.97 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-23130",
        "datePublished": "2022-01-21T18:17:30.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2026-01-08T11:45:13.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0921 (GCVE-0-2025-0921)

    Vulnerability from cvelistv5 – Published: 2025-05-15 22:36 – Updated: 2026-04-13 23:06
    VLAI
    Title
    Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz
    Summary
    Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation BizViz Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS Affected: version 11.00
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS Affected: version 11.00
    Create a notification for this product.
    Credits
    Asher Davila from Palo Alto Networks Malav Vyas from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-16T13:21:49.388730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-16T13:21:55.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 11.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila from Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas from Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
                }
              ],
              "value": "Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions,  and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T23:06:00.161Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93838985"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2025-0921",
        "datePublished": "2025-05-15T22:36:37.902Z",
        "dateReserved": "2025-01-31T01:50:57.976Z",
        "dateUpdated": "2026-04-13T23:06:00.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9852 (GCVE-0-2024-9852)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:39:20.927830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:43:35.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:38:42.201Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-9852",
        "datePublished": "2024-11-28T22:20:28.303Z",
        "dateReserved": "2024-10-11T01:20:49.722Z",
        "dateUpdated": "2026-04-08T13:38:42.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8299 (GCVE-0-2024-8299)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T16:37:52.677330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T16:40:42.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:35:35.670Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8299",
        "datePublished": "2024-11-28T22:16:31.396Z",
        "dateReserved": "2024-08-29T06:26:34.979Z",
        "dateUpdated": "2026-04-08T13:35:35.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7587 (GCVE-0-2024-7587)

    Vulnerability from cvelistv5 – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46
    VLAI
    Title
    Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
    Summary
    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "10.97.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:49.960141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:50:04.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:46:11.126Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95548104"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-7587",
        "datePublished": "2024-10-22T22:19:20.646Z",
        "dateReserved": "2024-08-07T08:06:04.877Z",
        "dateUpdated": "2026-01-09T05:46:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1574 (GCVE-0-2024-1574)

    Vulnerability from cvelistv5 – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
    VLAI
    Summary
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:44:19.238774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:45:36.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:31:05.753Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1574",
        "datePublished": "2024-07-04T09:02:35.260Z",
        "dateReserved": "2024-02-16T01:30:45.960Z",
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1182 (GCVE-0-2024-1182)

    Vulnerability from cvelistv5 – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28
    VLAI
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:23:47.078975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:25:49.496Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:28:11.189Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1182",
        "datePublished": "2024-07-04T08:53:41.217Z",
        "dateReserved": "2024-02-02T00:20:48.886Z",
        "dateUpdated": "2026-04-08T13:28:11.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-33319 (GCVE-0-2022-33319)

    Vulnerability from cvelistv5 – Published: 2022-07-20 16:58 – Updated: 2026-01-09 05:14
    VLAI
    Summary
    Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:21.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.04E and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
                }
              ],
              "value": "Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:14:32.690Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-33319",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior"
                              },
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU96480474/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-33319",
        "datePublished": "2022-07-20T16:58:49.000Z",
        "dateReserved": "2022-06-14T00:00:00.000Z",
        "dateUpdated": "2026-01-09T05:14:32.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-33318 (GCVE-0-2022-33318)

    Vulnerability from cvelistv5 – Published: 2022-07-20 16:57 – Updated: 2026-01-09 05:12
    VLAI
    Summary
    Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:21.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 to 10.97.1"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.04E and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:12:41.871Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-33318",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior"
                              },
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU96480474/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU96480474/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-33318",
        "datePublished": "2022-07-20T16:57:38.000Z",
        "dateReserved": "2022-06-14T00:00:00.000Z",
        "dateUpdated": "2026-01-09T05:12:41.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-23130 (GCVE-0-2022-23130)

    Vulnerability from cvelistv5 – Published: 2022-01-21 18:17 – Updated: 2026-01-08 11:45
    VLAI
    Summary
    Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 4.00A to 4.04E"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.7 or prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T11:45:13.985Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2022-23130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
                              },
                              {
                                "version_value": "ICONICS GENESIS64 versions 10.97 and prior"
                              },
                              {
                                "version_value": "ICONICS Hyper Historian versions 10.97 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-23130",
        "datePublished": "2022-01-21T18:17:30.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2026-01-08T11:45:13.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }