PT-2022-21766 · Mitsubishi Electric, ICONICS · MC Works64, GENESIS64

Published: 2022-07-20 · Updated: 2026-01-09 · CVE-2022-33318

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 versions 10.97.1 and prior; Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior.

Description: A Deserialization of Untrusted Data issue allows a remote, unauthenticated attacker to execute arbitrary malicious code by sending specially crafted packets to the GENESIS64 server. The vulnerability was demonstrated as a zero-click remote code execution (memory corruption) exploit, known as Paracosme, at Pwn2Own 2022 Miami, where it compromised ICONICS GENESIS64.

Recommendations: For ICONICS GENESIS64 versions 10.97.1 and prior, update to a version later than 10.97.1. For Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior, update to a version later than 4.04E (10.95.210.01). As a temporary workaround, restrict network access to the GENESIS64 server to reduce the risk of exploitation.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2022-33318
ZDI-22-1041

Affected Products

ICONICS GENESIS64
Mitsubishi Electric MC Works64