Mitsubishi Electric SCADA Flaw Opens Door for Local Code Execution

/HIGH
SCW vulnerabilitycvecloud
Mitsubishi Electric SCADA Flaw Opens Door for Local Code Execution

Mitsubishi Electric’s GENESIS64 and related SCADA software packages are vulnerable to CVE-2024-1574, a critical flaw that could allow local attackers to gain administrative privileges. According to CVE Notify, the vulnerability stems from ‘Unsafe Reflection,’ where externally controlled input is used to select classes or code. This means an attacker already on the network could potentially tamper with a specific, unprotected file to execute malicious code with high-level permissions.

The affected products span a wide range of Mitsubishi Electric’s industrial automation and visualization platforms, including GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, MC Works64, GENESIS32, and BizViz, with specific version limitations noted for each. The core issue lies in how the licensing feature handles user input, creating an exploitable path for privilege escalation if an attacker can modify a target file.

What This Means For You

  • Given this 'Unsafe Reflection' vulnerability in Mitsubishi Electric's SCADA software, security professionals should prioritize patching affected systems immediately and, as a crucial compensating control, implement strict file integrity monitoring and access controls on critical configuration files that manage licensing or code execution paths to detect and prevent unauthorized modifications.

Related ATT&CK Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation T1547.001 Registry Run Keys / Startup Folder Persistence T1059.001 PowerShell Execution

Indicators of Compromise

IDTypeIndicator
CVE-2024-1574 Privilege Escalation Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, ICONICS Suite versions 10.97.2 and prior, Hyper Historian versions 10.97.2 and prior, AnalytiX versions 10.97.2 and prior, MobileHMI versions 10.97.2 and prior, MC Works64 all versions, GENESIS32 versions 9.7 and prior, BizViz versions 9.7 and prior. Vulnerability in the licensing feature allows local attacker to execute malicious code with administrative privileges by tampering with a specific file.
CVE-2024-1574 Code Injection Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, ICONICS Suite versions 10.97.2 and prior, Hyper Historian versions 10.97.2 and prior, AnalytiX versions 10.97.2 and prior, MobileHMI versions 10.97.2 and prior, MC Works64 all versions, GENESIS32 versions 9.7 and prior, BizViz versions 9.7 and prior. Vulnerability in the licensing feature related to 'Unsafe Reflection'.

By Shimi's Cyber World Editorial

🛠 Recommended Tools

NordVPN Protect your research traffic. Threat protection included.
Our Pick
Proton VPN Secure Core routes traffic through Switzerland, Iceland, and Sweden first.
Recommended
Surfshark Unlimited devices for your security lab. VPN + malware blocker.
Great Value
🛡️
Want the IOCs from this threat? Get structured IOC exports and weekly threat briefs — delivered instantly to your Telegram.
Get My Intel →

Found this interesting? Follow us to stay ahead.

Telegram Channel Follow Shimi Cohen Follow Shimi's Cyber World
Share
Telegram LinkedIn WhatsApp Reddit