CVE-2024-1574

Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 versions 10.97 to 10.97.2 Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 Mitsubishi Electric MC Works64 all versions

Description: The issue is related to the use of externally-controlled input to select classes or code, also known as 'Unsafe Reflection', in the licensing feature of the affected software. This allows a local attacker to execute malicious code with administrative privileges by tampering with a specific file that is not protected by the system. The exploitation of this issue may enable an attacker to execute arbitrary code.

Recommendations: For ICONICS GENESIS64 versions 10.97 to 10.97.2, update to a version outside of this range to mitigate the risk. For Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, update to a version outside of this range to mitigate the risk. For Mitsubishi Electric MC Works64 all versions, consider restricting access to the licensing feature until a patch is available, as all versions are affected.