7

CVE-2024-8300

Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite

Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellericonics
Produkt genesis64
Default Statusunknown
Version 10.97.2
Status affected
Version 10.97.2cfr1
Status affected
Version 10.97.2cfr2
Status affected
Version 10.97.3
Status affected
Herstellermitsubishielectric
Produkt genesis64
Default Statusunknown
Version 10.97.2
Status affected
Version 10.97.2cfr1
Status affected
Version 10.97.2cfr2
Status affected
Version 10.97.3
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-561 Dead Code

The product contains dead code, which can never be executed.

https://jvn.jp/vu/JVNVU93891820
https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf