1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: ICONICS, Mitsubishi Electric
- Equipment: ICONICS GENESIS64 Product Suite and Mitsubishi Electric MC Works64
- Vulnerabilities: Uncontrolled Search Path Element, Dead Code
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
ICONICS reports that the following versions of ICONICS and Mitsubishi Electric products are affected:
- GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX): Versions prior to 10.97.3 (CVE-2024-8299 and CVE-2024-9852)
- GENESIS64: Version 10.97.2, 10.97.2 CFR1, 10.97.2 CFR2, and 10.97.3 (CVE-2024-8300)
- Mitsubishi Electric MC Works64: all versions (CVE-2024-8299, CVE-2024-9852)
3.2 Vulnerability Overview
3.2.1 Uncontrolled Search Path Element CWE-427
An uncontrolled search path element in the AlarmWorX64 MMX Phone agent can provide the potential for DLL hijacking and malicious code execution.
CVE-2024-8299 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-8299. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: