CVE-2024-1574 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-1574 PUBLISHED CVSS 6.699999809265137 MEDIUM

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.

EPSS 0.14% · 33.8th percentile

Risk Scores

CVSS v3.1

6.699999809265137

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.14%

33.8th percentile

Affected Products

Vendor	Product	Versions
Mitsubishi Electric Corporation	MC Works64	all versions, all versions, all versions
Mitsubishi Electric Corporation	GENESIS32	versions 9.7 and prior, versions 9.7 and prior, versions 9.7 and prior
Mitsubishi Electric Corporation	MobileHMI	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	GENESIS64	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	BizViz	versions 9.7 and prior, versions 9.7 and prior, versions 9.7 and prior
Mitsubishi Electric Iconics Digital Solutions	GENESIS32	versions 9.7 and prior, versions 9.7 and prior, versions 9.7 and prior
mitsubishielectric	mc_works64	0, 0, 0
iconics	genesis64	10.97, 10.97, 10.97
Mitsubishi Electric Iconics Digital Solutions	Hyper Historian	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	AnalytiX	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	MobileHMI	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	AnalytiX	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	ICONICS Suite	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	Hyper Historian	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	GENESIS64	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Corporation	ICONICS Suite	versions 10.97.2 and prior, versions 10.97.2 and prior, versions 10.97.2 and prior
Mitsubishi Electric Iconics Digital Solutions	BizViz	versions 9.7 and prior, versions 9.7 and prior, versions 9.7 and prior

Timeline

Jul 4, 2024 CVE Published
Jul 5, 2024 EPSS Score
Jul 26, 2024 EPSS Score
Aug 21, 2024 EPSS Score
Sep 11, 2024 EPSS Score
Oct 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 24, 2024 EPSS Score
Nov 15, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 29, 2024 EPSS Score
Jan 19, 2025 EPSS Score

References

https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf vendor-advisory
https://jvn.jp/vu/JVNVU98894016/ url
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 url
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-1574 advisory
https://jvn.jp/vu/JVNVU98894016 url

Open in Interactive Console →