CVE-2024-8300
Malicious Code Execution Vulnerability in GENESIS64
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
*Credits:
Asher Davila of Palo Alto Networks, Malav Vyas of Palo Alto Networks
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-29 CVE Reserved
- 2024-11-28 CVE Published
- 2024-11-29 CVE Updated
- 2024-11-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-561: Dead Code
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU93891820 | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf | 2024-11-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishi Electric Corporation Search vendor "Mitsubishi Electric Corporation" | GENESIS64 Search vendor "Mitsubishi Electric Corporation" for product "GENESIS64" | 10.97.2 Search vendor "Mitsubishi Electric Corporation" for product "GENESIS64" and version "10.97.2" | en |
Affected
| ||||||
| Mitsubishi Electric Corporation Search vendor "Mitsubishi Electric Corporation" | GENESIS64 Search vendor "Mitsubishi Electric Corporation" for product "GENESIS64" | 10.97.3 Search vendor "Mitsubishi Electric Corporation" for product "GENESIS64" and version "10.97.3" | en |
Affected
| ||||||
| ICONICS Search vendor "ICONICS" | GENESIS64 Search vendor "ICONICS" for product "GENESIS64" | 10.97.2 Search vendor "ICONICS" for product "GENESIS64" and version "10.97.2" | en |
Affected
| ||||||
| ICONICS Search vendor "ICONICS" | GENESIS64 Search vendor "ICONICS" for product "GENESIS64" | 10.97.3 Search vendor "ICONICS" for product "GENESIS64" and version "10.97.3" | en |
Affected
| ||||||