PT-2022-6505 · Mitsubishi+1 · Mitsubishi Electric Mc Works64+1

Published: 2022-07-20 · Updated: 2026-01-09 · CVE-2022-33315

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ICONICS GENESIS64 versions 10.97.1 and prior
Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior

Description

The issue is a deserialization of untrusted data flaw that an unauthenticated attacker can exploit to execute arbitrary malicious code. Exploitation requires leading a user to load a monitoring screen file that includes malicious XAML code. The vulnerability stems from errors in data deserialization in the affected software packages.

Recommendations

For ICONICS GENESIS64 versions 10.97.1 and prior, consider disabling the loading of external XAML files until a patch is available. For Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior, restrict access to the monitoring screen file feature to minimize the risk of exploitation. As a temporary workaround, avoid using the affected software to load any untrusted files or data.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2023-01792
CVE-2022-33315
ZDI-22-1043

Affected Products

Iconics Genesis64
Mitsubishi Electric Mc Works64