Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

MonitorCVSS 7.8ICS-CERT ICSA-24-296-01Oct 22, 2024

Mitsubishi ElectricICONICSEnergyManufacturing

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A file permission vulnerability exists in Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric products including GENESIS64, GENESIS32, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, and MC Works64. The vulnerability stems from insufficient file system access controls (CWE-276). An attacker with local user access could read sensitive configuration files, modify operational parameters, or cause denial of service. Successful exploitation could result in disclosure of confidential information, data tampering, or service disruption. Mitsubishi Electric indicates security updates are in development but has not released patches for any affected product versions as of this advisory.

What this means

What could happen

An attacker with local access could exploit insufficient file permissions to read sensitive configuration data, modify operational settings, or crash the HMI/SCADA software, disrupting plant visibility and control.

Who's at risk

This affects users of ICONICS HMI/SCADA software (GENESIS64, GENESIS32) and related modules (Hyper Historian, AnalytiX, MobileHMI) deployed in energy utilities and manufacturing plants. Also affects Mitsubishi Electric MC Works64 automation engineering software. Organizations relying on these platforms for process monitoring and control should review their access controls immediately.

How it could be exploited

An attacker with local login access (e.g., engineering workstation, operator PC) could navigate to application directories and read or modify protected files due to overly permissive file permissions, potentially accessing database credentials, process setpoints, or alarm configurations.

Prerequisites

Local user account on the system running GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, or MobileHMI
No elevated privileges required to exploit file permission weakness
Physical or remote access to the host system (RDP, physical terminal)

No authentication required (local access only)Low complexity exploitationNo vendor patch availableAffects SCADA/HMI systems critical to operational visibility

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (7)

7 EOL

ProductAffected VersionsFix Status

MC Works64: vers:all/*All versionsNo fix (EOL)

GENESIS64: <=10.97.3≤ 10.97.3No fix (EOL)

ICONICS Suite: <=10.97.3≤ 10.97.3No fix (EOL)

Hyper Historian: <=10.97.3≤ 10.97.3No fix (EOL)

AnalytiX: <=10.97.3≤ 10.97.3No fix (EOL)

MobileHMI: <=10.97.3≤ 10.97.3No fix (EOL)

GENESIS32: <=9.70.300.23≤ 9.70.300.23No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGRestrict logical and physical access to engineering workstations and HMI servers running GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, or MobileHMI to authorized personnel only

HARDENINGReview and restrict file system permissions on GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, and MobileHMI application directories to prevent unauthorized users from reading or modifying configuration files

WORKAROUNDReview the Mitsubishi Electric security advisory at https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf for vendor-provided compensating controls and long-term patching roadmap

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement local account lockout policies and require strong passwords for all user accounts on systems running these applications

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: MC Works64: vers:all/*, GENESIS64: <=10.97.3, ICONICS Suite: <=10.97.3, Hyper Historian: <=10.97.3, AnalytiX: <=10.97.3, MobileHMI: <=10.97.3, GENESIS32: <=9.70.300.23. Apply the following compensating controls:

HARDENINGMonitor file access logs for suspicious activity on GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, and MobileHMI directories

CVEs (1)

CVE-2024-7587

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b89e5ab9-63d1-4bf2-8bc6-3ddc6d9d984f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.