PT-2024-7226 · Mitsubishi · Genesis64+1
Asher Davila +1 · Published 2024-10-22 · Updated 2026-01-31 · CVE-2024-7587
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ICONICS GENESIS64 versions 10.97.3 and prior
Mitsubishi Electric GENESIS64 versions 10.97.3 and prior
Mitsubishi Electric MC Works64 all versions
Description
The issue is related to incorrect default permissions in GenBroker32, which is included in the installers for the mentioned products. This allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.
Recommendations
For ICONICS GENESIS64 versions 10.97.3 and prior, consider disabling the GenBroker32 component until a patch is available.
For Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, restrict access to the folder with incorrect permissions to minimize the risk of exploitation.
For Mitsubishi Electric MC Works64 all versions, avoid using the vulnerable GenBroker32 component until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
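To support the recommendation to restrict access to the folder with incorrect permissions, the following added example (not code from the vendor or from this advisory) audits a folder tree for write-capable allow entries held by broad, low-privilege groups. The function name and the folder path are assumptions; the advisory does not name the affected folder, so the path shown is a placeholder.

```powershell
# Added example: list ACEs that let broad local groups modify a folder tree.
# Find-BroadWriteAce is a hypothetical helper name, not a vendor tool.
function Find-BroadWriteAce {
    param(
        [Parameter(Mandatory)][string]$Path
    )

    # Well-known SIDs (locale independent):
    # Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

    # Rights that allow creating, replacing or deleting content, or rewriting the ACL
    $writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Generic rights can appear unmapped in an ACE: GENERIC_ALL and GENERIC_WRITE
    $mask = [int]$writeRights -bor 0x10000000 -bor 0x40000000

    $targets = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($item in $targets) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Request SIDs instead of account names so the match does not depend on OS language
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

            [pscustomobject]@{
                Folder      = $item.FullName
                Sid         = $rule.IdentityReference.Value
                Rights      = $rule.FileSystemRights
                IsInherited = $rule.IsInherited
                Inheritance = $rule.InheritanceFlags
            }
        }
    }
}

# Placeholder path: substitute the folder identified in the vendor advisory.
# Find-BroadWriteAce -Path 'C:\PLACEHOLDER\GenBroker32-folder' | Format-Table -AutoSize
```

An empty result means none of the listed groups holds a write-capable allow entry on the folder or its subfolders; entries marked `IsInherited` have to be corrected on the parent folder that defines them.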
DoS
Incorrect Default Permissions
Affected Products
Genesis64
Mc Works64