Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update B)
Plan Patch7.8ICS-CERT ICSA-24-338-04Dec 3, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
Multiple vulnerabilities in Mitsubishi Electric ICONICS and GENESIS software allow local privilege escalation and arbitrary code execution. CVSS 7.8 (high). Affected products include GENESIS32 (all versions, no fix planned), GENESIS64 (all versions, mitigations in 10.97.3+), ICONICS Suite AlarmWorX64 MMX (all versions, mitigations in 10.97.3+), and MC Works64 (all versions, no fix planned). These vulnerabilities stem from improper handling of library loading and permissions in the engineering/HMI environment, allowing a local attacker to execute code with elevated privileges. GENESIS32 is retired and no longer supported; Mitsubishi Electric recommends migration to GENESIS V11. For newer versions, upgrades to 10.97.3 or later include mitigations; MC Works64 requires implementation of published workarounds.
What this means
What could happen
An attacker with local access to a workstation running GENESIS32, GENESIS64, MC Works64, or ICONICS Suite AlarmWorX can execute arbitrary code and take full control of the engineering environment, potentially modifying control logic, setpoints, and process configurations across connected industrial systems.
Who's at risk
Energy sector organizations using ICONICS/Mitsubishi Electric SCADA products are affected. GENESIS32 (version 9, end-of-life) has no fix and is unsupported. GENESIS64, ICONICS Suite AlarmWorX64 MMX, and MC Works64 all versions are vulnerable; only GENESIS64 and AlarmWorX versions 10.97.3+ have mitigations available. This affects engineering workstations and operator consoles where these software packages run on Windows systems managing power distribution, generation, and grid control logic.
How it could be exploited
An attacker with local access to an engineering workstation or operator console running one of the affected products exploits a local privilege escalation or library injection vulnerability to execute arbitrary code with elevated privileges. Once code execution is achieved, the attacker can modify SCADA applications, alter setpoints, disable alarms, or compromise connected PLCs and RTUs.
Prerequisites
- Local access to a workstation or engineer console running affected product
- User privileges on the affected system (low privilege sufficient)
- The affected software running on Windows with vulnerable versions
Local access required (workstation/console compromise needed)Low complexity attack requiring only user-level privilegesNo patch available for GENESIS32 or MC Works64Affects control system engineering environment—potential to modify setpoints and process logicUnsupported end-of-life product (GENESIS32) with no remediation path
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (6)
4 with fix2 EOL
ProductAffected VersionsFix Status
GENESIS64 and ICONICS Suite AlarmWorX Multimedia (AlarmWorX64 MMX): vers:all/*All versions10.97.3
GENESIS64 and ICONICS Suite: 10.97.2|10.97.2|CFR1|10.97.2|CFR2|10.97.310.97.2|10.97.2 CFR1|10.97.2 CFR2|10.97.310.97.3
GENESIS64 and ICONICS Suite: 10.97.2|10.97.2_CFR1|10.97.2_CFR2|10.97.310.97.2|10.97.2 CFR1|10.97.2 CFR2|10.97.310.97.3
GENESIS32: vers:all/*All versionsNo fix (EOL)
GENESIS64 and ICONICS Suite AlarmWorX Multimedia (AlarmWorX64 MMX): vers:all/*All versions10.97.3
MC Works64: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/7
Do now
0/3WORKAROUNDFor MC Works64 users: implement mitigations described in Mitsubishi Electric security advisory 2024-010
HARDENINGRestrict local access to engineering workstations and operator consoles to authorized personnel only
HARDENINGEnable endpoint protection (antivirus/anti-malware) on all GENESIS and ICONICS workstations
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
GENESIS64 and ICONICS Suite AlarmWorX Multimedia (AlarmWorX64 MMX): vers:all/*
HOTFIXFor AlarmWorX64 MMX users: upgrade to version 10.97.3 or later and follow ICONICS security guidelines (November 2024 edition whitepaper)
All products
HOTFIXFor GENESIS64 and ICONICS Suite users: upgrade to version 10.97.3 or later and follow ICONICS security guidelines (November 2024 edition whitepaper)
HARDENINGApply principle of least privilege: run GENESIS/ICONICS software under standard user accounts rather than administrator accounts where possible
Long-term hardening
0/1HOTFIXFor GENESIS32 users: plan migration to GENESIS V11 (current supported version); implement Mitsubishi Electric mitigations in the interim
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/46f29dff-a297-400b-b083-f999c45a092f