PT-2022-21764 · Mitsubishi+1 · Mitsubishi Electric Mc Works64+1
Published: 2022-07-20 · Updated: 2026-01-09 · CVE-2022-33316
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ICONICS GENESIS64 versions 10.97.1 and prior
Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior
Description
The issue allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file that includes malicious XAML code. This is achieved through the deserialization of untrusted data.
Recommendations
For ICONICS GENESIS64 versions 10.97.1 and prior, consider disabling the loading of monitoring screen files from untrusted sources until a patch is available.
For Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior, restrict access to the monitoring screen feature to minimize the risk of exploitation.
As a temporary workaround, avoid using the ColorPaletteEntry deserialization functionality in ICONICS GENESIS64 until a fix is provided.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Iconics Genesis64
Mitsubishi Electric Mc Works64