Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)
CVSS 7.8 | ICS-CERT ICSA-24-296-01 | Oct 22, 2024
Attack vector: Local
Privileges required: Low (a valid, non-administrative local account)
Attack complexity: Low
User interaction: None
Summary
Improper file permissions in Mitsubishi Electric ICONICS Digital Solutions GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, GENESIS32, and Mitsubishi Electric MC Works64 allow a local user with valid credentials to read or modify sensitive files and configurations outside their intended privilege level. This could lead to disclosure of confidential information, tampering with process data or setpoints, or denial-of-service conditions affecting SCADA/HMI operations.
What this means
What could happen
An attacker with local access could read sensitive configuration data, modify process parameters or historical data, or cause the HMI/SCADA system to become unavailable, disrupting visibility and control over industrial processes.
Who's at risk
Any organization running Mitsubishi Electric or ICONICS HMI/SCADA products (GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, GENESIS32, or MC Works64) is exposed, water and electric utilities in particular. The exposure exists on every networked workstation or server where engineering or operations staff log on and interact with these products.
How it could be exploited
An attacker with local user credentials on a workstation running one of these products could exploit improper file permissions to access or modify files outside their intended privilege level, potentially reading engineering configurations, tampering with setpoints, or corrupting the application.
Prerequisites
- Local access to affected workstation or server
- Valid user credentials on the system
- One of the affected ICONICS or Mitsubishi Electric products installed and running
Key points
- Low privileges required: any valid local user account is enough, no administrative rights needed to start (local privilege escalation)
- Low attack complexity, no user interaction
- No patch available for the affected versions
- Affects SCADA/HMI control visibility and data integrity
- High CVSS score (7.8)
- Multiple affected products in widespread use
Exploitability
Low exploit probability (EPSS 0.2%). EPSS estimates the likelihood of exploitation activity being observed in the wild over the next 30 days; a low score for a local-only weakness says little about its value to malware or an insider who already has a session on an engineering workstation.
Affected products (7, all end of life)

Product          Affected versions   Fix status
MC Works64       All versions        No fix (EOL)
GENESIS64        <= 10.97.3          No fix (EOL)
ICONICS Suite    <= 10.97.3          No fix (EOL)
Hyper Historian  <= 10.97.3          No fix (EOL)
AnalytiX         <= 10.97.3          No fix (EOL)
MobileHMI        <= 10.97.3          No fix (EOL)
GENESIS32        <= 9.70.300.23      No fix (EOL)
Remediation & Mitigation

Do now
- [Hardening] Restrict local user access on workstations and servers running GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, GENESIS32, or MC Works64 to authorized engineering and operations staff only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- [Hotfix] Contact Mitsubishi Electric Iconics Digital Solutions or Mitsubishi Electric for security updates; check https://iconicsinc.my.site.com/community/ and https://www.mitsubishielectric.com/en/psirt/vulnerability/ for patch availability and rollup release information
- [Hardening] Review and restrict file system permissions on affected systems to follow the principle of least privilege; ensure non-administrative users cannot write to, or read where confidentiality matters, the product's installation, configuration, and historical data directories
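The permission review above is the control that actually closes this weakness on an unpatched host, so here is an added audit script for it. It is not code from the advisory, from ICS-CERT, or from Mitsubishi Electric / ICONICS, and the two default paths are assumptions about a typical install (adjust them to your deployment). It walks the product's install and data trees, reports every Allow ACE that gives a write-class right to a principal every local user belongs to (the exact condition a low-privileged local user would abuse), and with -Fix replaces those ACEs with Read & Execute.

```powershell
<#
Added example, not vendor or advisory code. Audits NTFS ACLs under the product's
install/data directories for write-class rights granted to broad principals and,
with -Fix, replaces them with Read & Execute. Run from an elevated PowerShell.
The default paths are assumptions; pass -Paths for your deployment.
#>
param(
    [string[]]$Paths = @('C:\Program Files\ICONICS', 'C:\ProgramData\ICONICS'),
    [switch]$Fix
)

# Groups every interactive local account belongs to. None of them should be able
# to alter product binaries, configuration, or historian data.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a standard user change content or the ACL itself. Modify and
# FullControl are supersets of Write, so the bitwise test below catches them too.
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) appear as raw numbers on
# inherit-only ACEs (for example the default ProgramData ACL), so they are added.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights] `
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x10000000 -bor 0x40000000

function Find-WeakAce {
    param([string]$Root)
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Repair-WeakAce {
    param([string]$Target, [string[]]$Identities)
    $acl = Get-Acl -LiteralPath $Target
    $inherited = $acl.Access | Where-Object {
        $_.IsInherited -and $Identities -contains $_.IdentityReference.Value
    }
    if ($inherited) {
        # Inherited ACEs cannot be edited on the child: stop inheritance here, keep a
        # copy of the current ACEs as explicit ones, then edit the explicit copies.
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $Target -AclObject $acl
        $acl = Get-Acl -LiteralPath $Target
    }
    # Files take no inheritance flags; directories propagate the new rule downward.
    $flags = if (Test-Path -LiteralPath $Target -PathType Container) {
        'ContainerInherit, ObjectInherit' } else { 'None' }
    foreach ($id in $Identities) {
        $acl.PurgeAccessRules([System.Security.Principal.NTAccount]$id)
        $rx = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
            $id, 'ReadAndExecute', $flags, 'None', 'Allow'
        $acl.AddAccessRule($rx)
    }
    Set-Acl -LiteralPath $Target -AclObject $acl
}

$roots = foreach ($p in $Paths) {
    if (Test-Path -LiteralPath $p) { (Get-Item -LiteralPath $p).FullName }
}
$findings = foreach ($r in $roots) { Find-WeakAce -Root $r }
$findings | Format-Table Path, Identity, Rights, Inherited -AutoSize

if ($Fix) {
    # Fix only where the weak ACE is defined: explicit ACEs anywhere, and audited
    # roots whose weak ACEs are inherited from outside the tree. Children that merely
    # inherit from those locations are corrected by propagation.
    $findings |
        Where-Object { -not $_.Inherited -or $roots -contains $_.Path } |
        Group-Object Path |
        ForEach-Object {
            Repair-WeakAce -Target $_.Name -Identities ($_.Group.Identity | Select-Object -Unique)
        }
}
```

Run it without -Fix first and review the table. Before applying -Fix on a production HMI, save the current ACLs (`icacls "C:\ProgramData\ICONICS" /save acl-backup.txt /T`) and confirm that the accounts the product's services run under hold their own explicit write rights on the data and log directories; the script touches only the broad groups listed in $BroadPrincipals, so a service that was relying on BUILTIN\Users write access to reach its data directory is exactly the kind of misconfiguration that needs a dedicated grant rather than the old blanket one.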
Mitigations - no patch available
The following products have reached end of life with no planned fix: MC Works64 (all versions), GENESIS64 (<= 10.97.3), ICONICS Suite (<= 10.97.3), Hyper Historian (<= 10.97.3), AnalytiX (<= 10.97.3), MobileHMI (<= 10.97.3), GENESIS32 (<= 9.70.300.23). Apply the following compensating controls:
- [Hardening] Implement access controls and physical security measures to prevent unauthorized local access to servers and engineering workstations
CVEs (1)