CVE-2024-8299

high

Description

Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

References

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf

https://www.securityweek.com/details-disclosed-for-scada-flaws-that-could-facilitate-industrial-attacks/

https://cyberscoop.com/iconics-scada-vulnerabilities-2025-palo-alto/

https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/

https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04

https://jvn.jp/vu/JVNVU93891820

Details

Source: Mitre, NVD

Published: 2024-11-28

Updated: 2024-12-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018