ICONICS Suite and Mitsubishi Electric MC Works64 Products (Update C)

Act Now9.8ICS-CERT ICSA-22-202-04Jul 26, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ICONICS GENESIS64 and ICONICS Suite contain multiple vulnerabilities including path traversal (CWE-22), unsafe deserialization (CWE-502), and improper input validation (CWE-125) that allow remote code execution. Mitsubishi Electric MC Works64 is also affected. These vulnerabilities can be exploited by a remote attacker without authentication to execute arbitrary code on affected systems.

What this means

What could happen

An attacker could execute arbitrary commands on your HMI/SCADA workstation without credentials, potentially allowing them to modify process setpoints, alter historical data, or disable monitoring and control functions across your plant operations.

Who's at risk

Energy sector operators and plant managers running ICONICS GENESIS64 or ICONICS Suite v10.97/10.97.1 on HMI/SCADA workstations, and those using Mitsubishi Electric MC Works64 or GENESIS32 for real-time process control and monitoring. This affects anyone using these platforms for power distribution, generation, or other critical plant operations.

How it could be exploited

An attacker on the network sends a specially crafted network request to the GENESIS64 or ICONICS Suite application (which listens on a standard port). The request exploits unsafe deserialization or path traversal to execute arbitrary code with the privileges of the application process. If the workstation is part of your operations network, the attacker gains direct access to control logic and plant data.

Prerequisites

Network access to the GENESIS64 or ICONICS Suite application port
The affected product version installed and running on a network-accessible workstation
No special credentials or authentication required

Remotely exploitableNo authentication requiredLow complexityRemote code execution possibleNo patch available for some affected products (MC Works64 <=4.04E, GENESIS32 <=9.7)

Exploitability

Moderate exploit probability (EPSS 1.6%)

Affected products (4)

2 with fix2 EOL

ProductAffected VersionsFix Status

ICONICS Suite: >=10.97|<=10.97.1≥ 10.97|≤ 10.97.110.97 Critical Fixes Rollup 4 or 10.97.1 Critical Fixes Rollup 3

MC Works64: <=4.04E≤ 4.04ENo fix (EOL)

GENESIS32: <=9.7≤ 9.7No fix (EOL)

GENESIS64: >=10.97|<=10.97.1≥ 10.97|≤ 10.97.110.97 Critical Fixes Rollup 4 or 10.97.1 Critical Fixes Rollup 3

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDImplement firewall rules to restrict network access to GENESIS64 and ICONICS Suite application ports to only authorized engineering workstations and control systems

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXFor GENESIS64 and ICONICS Suite v10.97.1: Download and apply 'Critical Fixes Rollup 3' from the ICONICS Community Portal

HOTFIXFor GENESIS64 and ICONICS Suite v10.97: Download and apply 'Critical Fixes Rollup 4' from the ICONICS Community Portal

HOTFIXFor MC Works64 versions <=4.04E and GENESIS32 versions <=9.7: Contact Mitsubishi Electric for available updates or end-of-life product replacement planning

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: MC Works64: <=4.04E, GENESIS32: <=9.7. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate HMI and SCADA workstations running GENESIS64/ICONICS Suite from untrusted network segments

CVEs (7)

CVE-2022-29834 CVE-2022-33315 CVE-2022-33316 CVE-2022-33317 CVE-2022-33318 CVE-2022-33319 CVE-2022-33320

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d6c8cab1-1d9e-44a5-a0d4-ad35cb45e90b