CVE-2022-33318

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU96480474/index.html	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf	Third Party Advisory
https://jvn.jp/vu/JVNVU96480474/index.html	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iconics:genesis64:10.97:::::::*
	cpe:2.3:a:iconics:genesis64:10.97.1:::::::*

Configuration 2 (hide)

cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*

History

09 Jan 2026, 06:16

Type	Values Removed	Values Added
Summary	(en) Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server.	(en) Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
References		() https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04 -

21 Nov 2024, 07:08

Type	Values Removed	Values Added
References	~~() https://jvn.jp/vu/JVNVU96480474/index.html - Third Party Advisory~~	() https://jvn.jp/vu/JVNVU96480474/index.html - Third Party Advisory
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf - Third Party Advisory~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf - Third Party Advisory

Information

Published : 2022-07-20 17:15

Updated : 2026-01-09 06:16

NVD link : CVE-2022-33318

Mitre link : CVE-2022-33318

CVE.ORG link : CVE-2022-33318

JSON object : View

Products Affected

mitsubishielectric

mc_works64

iconics

genesis64

CWE

CWE-502

Deserialization of Untrusted Data

9.8 /10