ICONICS GENESIS64 and Mitsubishi Electric MC Works64

Plan PatchCVSS 7.8ICS-CERT ICSA-21-294-01Oct 21, 2021

Mitsubishi ElectricICONICSEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Buffer overflow and out-of-bounds read vulnerabilities in ICONICS GENESIS64 (all versions up to 10.97) and Mitsubishi Electric MC Works64 (all versions up to 4.04E) allow code execution when a user opens a malicious AutoCAD DWG file or is socially engineered to click a malicious link. The vulnerabilities exist in file parsing logic and require local access and user interaction. ICONICS has stated that GENESIS64 Version 10.97.1 and later will not be vulnerable. No public exploits are currently known, and these vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker who gains local access to a workstation running GENESIS64 or MC Works64 could execute arbitrary code with the privileges of the logged-in user, potentially allowing them to modify HMI configurations, process data, or operator commands that control the industrial process.

Who's at risk

Energy sector organizations using ICONICS GENESIS64 HMI software or Mitsubishi Electric MC Works64 engineering tools on Windows workstations should care. This affects operators, engineers, and maintenance staff who work with these systems on computers that also have email access.

How it could be exploited

An attacker must trick a user into opening a malicious AutoCAD DWG file or clicking a link in email while logged into a workstation with GENESIS64 or MC Works64 installed. The vulnerability exists in the file parsing logic (CWE-787 buffer overflow, CWE-125 out-of-bounds read), allowing code execution when the crafted file is processed.

Prerequisites

Local access to a workstation or engineering station running GENESIS64 (version 10.97 or earlier) or MC Works64 (version 4.04E or earlier)
User must open a malicious AutoCAD DWG file or click a malicious email link
Attacker relies on social engineering rather than network-level exploitation

No patch currently available for MC Works64No patch currently available for GENESIS64 (patch in development)Local access required—lower risk than remote, but still exploitable via social engineeringAffects HMI/supervisory systems which control process operationsBuffer overflow vulnerability (CWE-787) with memory access issues (CWE-125)

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (2)

1 with fix1 pending

ProductAffected VersionsFix Status

MC Works64: (all≤ 4.04ENo fix yet

GENESIS64: (all≤ 10.9710.97.1

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict access to DWG file imports and disable AutoCAD file opening in GENESIS64/MC Works64 if not required for operations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade GENESIS64 to version 10.97.1 or later when the Critical Fix Rollup becomes available

HOTFIXUpgrade MC Works64 to a patched version when available from Mitsubishi Electric

Long-term hardening

0/2

HARDENINGImplement firewall rules to isolate control system networks from the business network and internet

HARDENINGTrain operators and engineering staff not to open unsolicited email attachments or click links from untrusted sources

CVEs (2)

CVE-2021-27041 CVE-2021-27040

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7fc95e46-54c0-4ac9-8cdd-b068a2925b16

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.