CVE-2024-1182 is an Uncontrolled Search Path Element vulnerability (CWE-427) identified in Mitsubishi Electric Iconics Digital Solutions products including GENESIS64, GENESIS32, ICONICS Suite, and MC Works64, all versions. The vulnerability arises from the software's improper handling of DLL search paths when the Pager agent component is installed and used for alarm multi-agent notifications. Specifically, the software loads DLLs from directories that can be influenced by a local attacker, who can place a maliciously crafted DLL in these directories. When the software loads this DLL, it executes the attacker's code with the privileges of the affected process. This attack requires local access with low privileges but does not require user interaction, making it a significant risk in environments where multiple users have access or where an attacker can gain limited local access. The vulnerability affects confidentiality, integrity, and availability since arbitrary code execution can lead to data theft, manipulation, or disruption of industrial control processes. The CVSS 3.1 vector indicates a local attack vector (AV:L), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently in the wild, and no patches have been released, increasing the urgency for organizations to implement mitigations.

For European organizations, especially those in critical infrastructure sectors such as manufacturing, energy, and utilities that rely on Mitsubishi Electric Iconics Digital Solutions products for industrial automation and SCADA systems, this vulnerability poses a significant risk. Successful exploitation could allow local attackers to execute arbitrary code, potentially leading to sabotage, data theft, or disruption of industrial processes. This could result in operational downtime, safety hazards, financial losses, and regulatory non-compliance. Given the high impact on confidentiality, integrity, and availability, the vulnerability could be leveraged to compromise sensitive operational data or disrupt critical services. The requirement for local access limits remote exploitation but does not eliminate risk in environments with multiple users or where attackers can gain foothold through other means. The lack of available patches increases exposure time, necessitating immediate compensating controls.

1. Restrict local access to systems running affected Mitsubishi Electric Iconics Digital Solutions products, ensuring only trusted administrators have access. 2. Implement strict file system permissions on directories used by the Pager agent and related components to prevent unauthorized DLL placement. 3. Use application whitelisting to restrict execution of unauthorized DLLs or binaries. 4. Monitor file system changes in relevant directories for suspicious activity. 5. Employ endpoint detection and response (EDR) tools to detect anomalous process behaviors indicative of DLL hijacking. 6. Isolate critical industrial control systems from general IT networks to reduce the risk of local attacker presence. 7. Regularly audit and review user privileges and access controls on affected systems. 8. Engage with Mitsubishi Electric for updates and apply patches as soon as they become available. 9. Consider deploying host-based intrusion prevention systems (HIPS) that can block unauthorized DLL loading. 10. Educate local users and administrators about the risks of local privilege escalation and the importance of maintaining system hygiene.