CVE-2024-1573 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-1573 PUBLISHED CVSS 5.900000095367432 MEDIUM

Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. * The IcoAnyGlass IIS Application Pool account is included in GENESIS64TM and MC Works64 Security and has permission to log in.

EPSS 0.24% · 47.4th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.24%

47.4th percentile

Affected Products

Vendor	Product	Versions
Mitsubishi Electric Corporation	ICONICS Suite	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	MobileHMI	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	AnalytiX	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
mitsubishielectric	mc_works64	0, 0, 0
Mitsubishi Electric Corporation	Hyper Historian	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	GENESIS64	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	MobileHMI	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	MC Works64	all versions, all versions, all versions
Mitsubishi Electric Iconics Digital Solutions	Hyper Historian	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	ICONICS Suite	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
iconics	genesis64	10.97, 10.97, 10.97
Mitsubishi Electric Iconics Digital Solutions	IoTWorX	version 10.95, version 10.95, version 10.95
Mitsubishi Electric Iconics Digital Solutions	GENESIS64	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	AnalytiX	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	IoTWorX	version 10.95, version 10.95, version 10.95

Timeline

Jul 4, 2024 CVE Published
Jul 5, 2024 EPSS Score
Jul 26, 2024 EPSS Score
Aug 21, 2024 EPSS Score
Sep 11, 2024 EPSS Score
Oct 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 24, 2024 EPSS Score
Nov 15, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 29, 2024 EPSS Score
Jan 19, 2025 EPSS Score

References

https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf vendor-advisory
https://jvn.jp/vu/JVNVU98894016/ url
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 url
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-1573 advisory
https://jvn.jp/vu/JVNVU98894016 url

Open in Interactive Console →