PT-2024-18143 · Mitsubishi · Genesis64+1

Published: 2024-07-04 · Updated: 2026-04-08 · CVE-2024-1573

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ICONICS GENESIS64 versions 10.97 to 10.97.2
Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2
Mitsubishi Electric MC Works64 all versions

Description

The issue allows a remote unauthenticated attacker to bypass proper authentication and log in to the system under specific conditions, including the use of Active Directory in the security setting, the enablement of the "Automatic log in" option, the IcoAnyGlass IIS Application Pool running under an Active Directory Domain Account, and the account being included in GENESIS64 and MC Works64 Security with login permission.

Recommendations

For ICONICS GENESIS64 versions 10.97 to 10.97.2, consider disabling the "Automatic log in" option in the security setting until a patch is available.

For Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, restrict the IcoAnyGlass IIS Application Pool account's permission to log in to minimize the risk of exploitation.

For Mitsubishi Electric MC Works64 all versions, avoid using the Active Directory Domain Account for the IcoAnyGlass IIS Application Pool until the issue is resolved.

As a temporary workaround, consider running the IcoAnyGlass IIS Application Pool under a non-Active Directory account to prevent unauthorized access.

Fix

Weakness Enumeration

Missing Authentication
Improper Authentication

Related Identifiers

CVE-2024-1573

Affected Products

GENESIS64
MC Works64