CVE-2024-9852

Name of the Vulnerable Software and Affected Versions ICONICS GENESIS64 all versions Mitsubishi Electric GENESIS64 all versions Mitsubishi Electric MC Works64 all versions

Description The issue is related to an uncontrolled search path element, which can be exploited by a local authenticated attacker to execute malicious code. This could lead to unauthorized access to read, modify, or delete data, execute arbitrary code, or cause a denial of service condition. The vulnerability allows an attacker to store a specially crafted DLL in a specific folder, potentially resulting in the disclosure, tampering, destruction, or deletion of information in the affected products.

Recommendations For ICONICS GENESIS64 all versions, consider disabling the vulnerable component until a patch is available. For Mitsubishi Electric GENESIS64 all versions, restrict access to the specific folder where the malicious DLL can be stored. For Mitsubishi Electric MC Works64 all versions, avoid using the vulnerable search path element until the issue is resolved. As a temporary workaround, consider restricting the execution of malicious code by implementing additional security measures, such as monitoring and controlling the storage of DLL files in specific folders. At the moment, there is no information about a newer version that contains a fix for this vulnerability.