CVE-2024-8300

Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU93891820
https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf

Configurations

No configuration.

History

09 Jan 2026, 08:15

Type	Values Removed	Values Added
Summary	(en) Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.	(en) Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

06 Dec 2024, 06:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04 -
Summary		(es) La vulnerabilidad de código muerto en ICONICS GENESIS64 versión 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 y 10.97.3 y Mitsubishi Electric GENESIS64 versión 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 y 10.97.3 permite que un atacante local autenticado ejecute un código malicioso alterando una DLL especialmente manipulada. Esto podría llevar a divulgar, alterar, destruir o eliminar información en los productos afectados, o causar una condición de denegación de servicio (DoS) en los productos.

28 Nov 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-28 23:15

Updated : 2026-01-09 08:15

NVD link : CVE-2024-8300

Mitre link : CVE-2024-8300

CVE.ORG link : CVE-2024-8300

JSON object : View

Products Affected

No product.

CWE

CWE-561

Dead Code

7.0 /10