OTPulse

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

Act Now | 7 | ICS-CERT ICSA-24-184-03 | Jul 2, 2024
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

Multiple vulnerabilities (CWE-770, CWE-347, CWE-427, CWE-306, CWE-470) in ICONICS Suite, GENESIS64, GENESIS32, Hyper Historian, AnalytiX, MobileHMI, MC Works64, and BizViz up to and including version 10.97.2. These flaws involve improper resource limits, signature verification failures, untrusted search path issues, missing authentication checks, and improper validation. Successful exploitation could result in denial-of-service, privilege escalation, or arbitrary code execution on HMI and SCADA systems.

What this means
What could happen
Multiple privilege escalation and code execution vulnerabilities in ICONICS and Mitsubishi Electric HMI/SCADA software could allow an attacker with local or network access to run arbitrary commands, potentially disrupting monitoring and control of energy generation, distribution, and manufacturing processes.
Who's at risk
Energy utilities and manufacturing operations using ICONICS Suite, GENESIS64, GENESIS32, Hyper Historian, AnalytiX, MobileHMI, MC Works64, or BizViz for real-time monitoring and control of generators, distribution substations, transmission equipment, and manufacturing processes. This includes all versions up to 10.97.2 of these HMI/SCADA platforms.
How it could be exploited
An attacker with local access to an engineering workstation or HMI server running affected ICONICS/Mitsubishi software could exploit improper privilege management and code validation flaws to escalate privileges and execute arbitrary code on the system. If the HMI is accessible from the network (a common configuration for remote monitoring), exploitation could occur remotely without authentication on some vector combinations.
Prerequisites
  • Local or network access to ICONICS Suite, GENESIS64, or related products running version 10.97.2 or earlier
  • For some vectors: no authentication required; for others: valid user account on the HMI/engineering workstation
  • Affected software must be installed and running on Windows server or workstation
  • High EPSS score (92.0%)
  • No patch available for versions below 10.97.3
  • Affects all versions of multiple products
  • Locally exploitable with privilege escalation potential
  • Could enable arbitrary code execution on SCADA systems
  • Low complexity exploitation
Exploitability
High exploit probability (EPSS 92.0%)
Affected products (15)
12 with fix, 3 pending

Product | Affected Versions | Fix Status
GENESIS32: vers:all/* | All versions | No fix yet
MC Works64: vers:all/* | All versions | No fix yet
ICONICS Suite: 10.97.2 | 10.97.2 | 10.97.3 or later
GENESIS64: 10.97.2 | 10.97.2 | 10.97.3 or later
GENESIS64: vers:all/* | All versions | 10.97.3 or later
Hyper Historian: 10.97.2 | 10.97.2 | 10.97.3 or later
AnalytiX: 10.97.2 | 10.97.2 | 10.97.3 or later
MobileHMI: 10.97.2 | 10.97.2 | 10.97.3 or later
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to HMI and SCADA software to engineering workstations and authorized monitoring stations only; disable remote access if not operationally required
  • HARDENING: Implement strong access controls and least-privilege user accounts on systems running ICONICS/GENESIS software
  • HARDENING: Monitor affected systems for suspicious local process execution and privilege escalation attempts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade ICONICS Suite and GENESIS64 to version 10.97.3 or later, or migrate to GENESIS successor product
  • HOTFIX: Apply '10.97.2 Critical Fixes Rollup 3' security update from ICONICS Community Portal if immediate upgrade to 10.97.3 is not feasible