1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: ICONICS, Mitsubishi Electric
- Equipment: ICONICS Product Suite, Mitsubishi Electric MC Works64
- Vulnerability: Incorrect Default Permissions
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in disclosure of confidential information, data tampering, or a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
ICONICS reports that the following versions of ICONICS and Mitsubishi Electric Products are affected:
- ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.3 and prior
- Mitsubishi Electric MC Works64: all versions
3.2 Vulnerability Overview
3.2.1 Incorrect Default Permissions CWE-276
There is an incorrect default permissions vulnerability in ICONICS and Mitsubishi Electric products which may allow a disclosure of confidential information, data tampering, or a denial of service condition due to incorrect default permissions.
CVE-2024-7587 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
3.4 RESEARCHER
Asher Davila and Malav Vyas of Palo Alto Networks reported this vulnerability to ICONICS.
Content was cut in order to protect the source.Please visit the source for the rest of the article.Read the original article: