CVE-2024-8300

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric FA Connector SCADA-system GENESIS64 versions 10.97.2 through 10.97.3 ICONICS GENESIS64 versions 10.97.2 through 10.97.3

Description The issue is related to the presence of dead code in the GENESIS64 system, which can be exploited by a local authenticated attacker to execute malicious code by tampering with a specially crafted DLL. This could lead to disclosure, tampering with, destruction, or deletion of information in the affected products, or cause a denial of service (DoS) condition on the products.

Recommendations For Mitsubishi Electric FA Connector SCADA-system GENESIS64 versions 10.97.2 through 10.97.3, update to a version that does not contain the dead code vulnerability. For ICONICS GENESIS64 versions 10.97.2 through 10.97.3, update to a version that does not contain the dead code vulnerability. As a temporary workaround, consider restricting access to the DLL files to prevent tampering until a patch is available.