CVE-2024-1182

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU98894016/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf
https://jvn.jp/vu/JVNVU98894016/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf

Configurations

No configuration.

History

08 Jan 2026, 12:15

Type	Values Removed	Values Added
Summary	(en) Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64 and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.	(en) Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.

21 Nov 2024, 08:49

Type	Values Removed	Values Added
References	~~() https://jvn.jp/vu/JVNVU98894016/ -~~	() https://jvn.jp/vu/JVNVU98894016/ -
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 -
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf -~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf -

05 Jul 2024, 12:55

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad no controlada del elemento de ruta de búsqueda en ICONICS GENESIS64 todas las versiones, Mitsubishi Electric GENESIS64 todas las versiones y Mitsubishi Electric MC Works64 todas las versiones permite a un atacante local ejecutar un código malicioso almacenando una DLL especialmente manipulada en una carpeta específica cuando GENESIS64 y MC Works64 están instalados con el agente buscapersonas en la función de notificación de alarma de múltiples agentes.

04 Jul 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-04 09:15

Updated : 2026-01-08 12:15

NVD link : CVE-2024-1182

Mitre link : CVE-2024-1182

CVE.ORG link : CVE-2024-1182

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

7.0 /10