CVE-2024-8299

Name of the Vulnerable Software and Affected Versions ICONICS GENESIS64 all versions Mitsubishi Electric GENESIS64 all versions Mitsubishi Electric MC Works64 all versions

Description The issue is related to an uncontrolled search path element, which can be exploited by a local authenticated attacker to execute malicious code. This is achieved by storing a specially crafted DLL in a specific folder, potentially leading to information disclosure, tampering, destruction, or deletion, as well as causing a denial of service (DoS) condition on the affected products.

Recommendations For ICONICS GENESIS64 all versions, consider disabling the ability to store DLL files in specific folders as a temporary workaround until a patch is available. For Mitsubishi Electric GENESIS64 all versions, restrict access to folders where DLL files can be stored to minimize the risk of exploitation. For Mitsubishi Electric MC Works64 all versions, avoid using folders that allow the storage of specially crafted DLL files until the issue is resolved.