CVE-2024-7587

HIGH EPSS 9.2%
Published Oct 22, 20241y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 22, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
9.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-276

Affected Products 2

VendorProductVersionRange
iconicsgenesis64* ≤10.97.3
mitsubishielectricmc_works64*any

References 3

  • jvn.jp https://jvn.jp/vu/JVNVU95548104
    MitigationThird Party Advisory
  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01
    Third Party AdvisoryUS Government Resource
  • mitsubishielectric.com https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.