1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Low attack complexity
- Vendor: Mitsubishi Electric
- Equipment: MI5122-VW
- Vulnerability: Incorrect Default Permissions
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Mitsubishi Electric MELIPC Series MI5122-VW, an industrial PC, are affected:
- MI5122-VW: Firmware versions “05” up to and including “07”
3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276
In Mitsubishi Electric MELIPC Series MI5122-VWA firmware versions “05” up to and including “07”, a local attacker may execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
CVE-2024-3904 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Japan
3.4 RESEARCHER
Mitsubishi Electric reported this vulnerability to CISA.
4. MITIGATIONS
Mitsubishi Electric has fixed the vulnerability in the following p
[…]