CVE-2024-8300

Dec. 6, 2024, 6:15 a.m.

7.0
Medium

Description

Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

Product(s) Impacted

Product Versions
ICONICS GENESIS64
  • 10.97.2
  • 10.97.2 CFR1
  • 10.97.2 CRF2
  • 10.97.3
Mitsubishi Electric GENESIS64
  • 10.97.2
  • 10.97.2 CFR1
  • 10.97.2 CRF2
  • 10.97.3

Weaknesses

CWE-561
Dead Code
The product contains dead code, which can never be executed.

References

https://jvn.jp/vu/JVNVU93891820
https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf

Tags

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
2024-11-28
CVE-2024-8300
CWE-561

CVSS Score

7.0 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Nov. 28, 2024, 11:15 p.m.
  • Last Modified: Dec. 6, 2024, 6:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.