CVE-2024-1573
July 4, 2024, 9:15 a.m.
5.9
Medium
Description
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting.
* “Automatic log in” option is enabled in the security setting.
* The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.
* The IcoAnyGlass IIS Application Pool account is included in GENESIS64TM and MC Works64 Security and has permission to log in.
Product(s) Impacted
| Product | Versions |
|---|---|
| ICONICS GENESIS64 |
|
| Mitsubishi Electric GENESIS64 |
|
| Mitsubishi Electric MC Works64 |
|
Weaknesses
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Tags
CVSS Score
CVSS Data
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: HIGH
- Availability Impact: NONE
View Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Date
- Published: July 4, 2024, 9:15 a.m.
- Last Modified: July 4, 2024, 9:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.