PT-2022-21765 · Mitsubishi+1 · Mitsubishi Electric Mc Works64+1

Published 2022-07-20 · Updated 2026-01-09 · CVE-2022-33317

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ICONICS GENESIS64 versions 10.97.1 and prior
Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior

Description

The issue allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file that includes malicious script code. This is achieved through the inclusion of functionality from an untrusted control sphere.

Recommendations

For ICONICS GENESIS64 versions 10.97.1 and prior, consider disabling the loading of monitoring screen files from untrusted sources until a patch is available.

For Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior, restrict access to the monitoring screen file feature to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2022-33317
ZDI-22-1039
ZDI-22-1162

Affected Products

Iconics Genesis64
Mitsubishi Electric Mc Works64