CVE-2024-1182

HIGH

Mitsubishi Electric - Local Execution

Title source: llm

Description

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.

References (3)

[Third Party Advisory] https://jvn.jp/vu/JVNVU98894016/

[Various Sources] https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03

Scores

CVSS v3 7.0

EPSS 0.0006

EPSS Percentile 18.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Timeline

Published Jul 04, 2024

Tracked Since Feb 18, 2026