This vulnerability (CVE-2024-1182) is classified as CWE-427, indicating an Uncontrolled Search Path Element issue in Mitsubishi Electric Iconics Digital Solutions products. It affects GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 when installed with the Pager agent for alarm multi-agent notifications. A local attacker can exploit this by placing a malicious DLL in a specific folder, leading to arbitrary code execution. The vulnerability impacts versions 10.97.3 and earlier for most products and all versions for MC Works64. The CVSS 3.1 score is 7.0, reflecting high impact on confidentiality, integrity, and availability. A patch is available to remediate this vulnerability.

Successful exploitation allows a local attacker with low privileges to execute arbitrary code with the privileges of the affected application. This can lead to full compromise of the affected system's confidentiality, integrity, and availability. The vulnerability specifically impacts systems running affected versions of Mitsubishi Electric Iconics Digital Solutions products with the Pager agent enabled.

A patch is available for this vulnerability. It is recommended to apply the official update from Mitsubishi Electric Iconics Digital Solutions to affected products at the earliest opportunity. Since this is not a cloud service, remediation requires updating the installed software versions. No vendor advisory content contradicts this; therefore, patching is the primary mitigation.