CVE-2024-7587
Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-07 CVE Reserved
- 2024-10-22 CVE Published
- 2024-11-06 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU95548104 | Government Resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf | 2024-10-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishi Electric Corporation Search vendor "Mitsubishi Electric Corporation" | GENESIS64 Search vendor "Mitsubishi Electric Corporation" for product "GENESIS64" | 10.97.3 Search vendor "Mitsubishi Electric Corporation" for product "GENESIS64" and version "10.97.3" | en |
Affected
| ||||||
| Mitsubishi Electric Corporation Search vendor "Mitsubishi Electric Corporation" | MC Works64 Search vendor "Mitsubishi Electric Corporation" for product "MC Works64" | <= Search vendor "Mitsubishi Electric Corporation" for product "MC Works64" and version " <= " | en |
Affected
| ||||||
| ICONICS Search vendor "ICONICS" | GENESIS64 Search vendor "ICONICS" for product "GENESIS64" | 10.97.3 Search vendor "ICONICS" for product "GENESIS64" and version "10.97.3" | en |
Affected
| ||||||