Mitsubishi Electric SCADA Flaw Opens Door for Local Code Execution

/HIGH
SCW vulnerabilitycvecloud
Mitsubishi Electric SCADA Flaw Opens Door for Local Code Execution

Mitsubishi Electric’s GENESIS64 and related SCADA software packages are vulnerable to CVE-2024-1574, a critical flaw that could allow local attackers to gain administrative privileges. According to CVE Notify, the vulnerability stems from ‘Unsafe Reflection,’ where externally controlled input is used to select classes or code. This means an attacker already on the network could potentially tamper with a specific, unprotected file to execute malicious code with high-level permissions.

The affected products span a wide range of Mitsubishi Electric’s industrial automation and visualization platforms, including GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, MC Works64, GENESIS32, and BizViz, with specific version limitations noted for each. The core issue lies in how the licensing feature handles user input, creating an exploitable path for privilege escalation if an attacker can modify a target file.

What This Means For You

  • Given this 'Unsafe Reflection' vulnerability in Mitsubishi Electric's SCADA software, security professionals should prioritize patching affected systems immediately and, as a crucial compensating control, implement strict file integrity monitoring and access controls on critical configuration files that manage licensing or code execution paths to detect and prevent unauthorized modifications.

Related ATT&CK Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation T1547.001 Registry Run Keys / Startup Folder Persistence T1059.001 PowerShell Execution

🛡️ Detection Rules

1 rule · 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Free Sigma YAML below.

high T1068 Privilege Escalation

Privilege Escalation Attempt Detection

Sigma YAML — free preview

Source: Shimi's Cyber World · License & reuse

Indicators of Compromise

IDTypeIndicator
CVE-2024-1574 Privilege Escalation Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, ICONICS Suite versions 10.97.2 and prior, Hyper Historian versions 10.97.2 and prior, AnalytiX versions 10.97.2 and prior, MobileHMI versions 10.97.2 and prior, MC Works64 all versions, GENESIS32 versions 9.7 and prior, BizViz versions 9.7 and prior. Vulnerability in the licensing feature allows local attacker to execute malicious code with administrative privileges by tampering with a specific file.
CVE-2024-1574 Code Injection Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, ICONICS Suite versions 10.97.2 and prior, Hyper Historian versions 10.97.2 and prior, AnalytiX versions 10.97.2 and prior, MobileHMI versions 10.97.2 and prior, MC Works64 all versions, GENESIS32 versions 9.7 and prior, BizViz versions 9.7 and prior. Vulnerability in the licensing feature related to 'Unsafe Reflection'.

By Shimi's Cyber World Editorial

Related coverage

Anthropic AI Finds 10,000 High-Severity Flaws in Critical Software

Anthropic's Project Glasswing, an AI-driven cybersecurity initiative, has reportedly uncovered over 10,000 high- or critical-severity vulnerabilities in globally significant software. The Hacker News reports that...

threat-intelvulnerabilitycloudai-security
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs /⚙ 1 Sigma
Featured

Daily Security Digest — 2026-05-22

13 vulnerability disclosures (5 Critical, 8 High) and 14 curated intelligence stories from 6 sources.

daily-digestvulnerabilityCVEhigh-severitycwe-88privilege-escalationcwe-863criticalremote-code-executioncwe-434
/SCW Daily Digest /CRITICAL

WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Content

CVE-2026-9011 — The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...

vulnerabilityCVEhigh-severitycwe-862
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 3 IOCs