CVE-2024-1573: CWE-306 Missing Authentication for Critical Function in Mitsubishi Electric Iconics Digital Solutions GENESIS64
CVE-2024-1573 is a medium severity vulnerability affecting Mitsubishi Electric Iconics Digital Solutions GENESIS64 and related products versions 10.97 to 10.97.2. It involves missing authentication for a critical function in the mobile monitoring feature, allowing remote unauthenticated attackers to bypass login under specific conditions involving Active Directory integration and IIS application pool configuration. Exploitation requires that the “Automatic log in” option is enabled, the IcoAnyGlass IIS Application Pool runs under an Active Directory Domain Account, and that account has login permissions in GENESIS64 or MC Works64 security settings. The vulnerability impacts the integrity of the system by allowing unauthorized access but does not affect confidentiality or availability directly. No known exploits are currently reported in the wild. European organizations using affected Mitsubishi Electric products, especially in industrial automation or critical infrastructure sectors, should prioritize mitigation. Countries with significant industrial automation deployments and Mitsubishi Electric customer bases, such as Germany, France, Italy, and the UK, are most likely to be affected.
AI Analysis
Technical Summary
CVE-2024-1573 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 through 10.97.2, ICONICS Suite versions 10.97 through 10.97.2, and all versions of MC Works64. The flaw resides in the mobile monitoring feature, where an attacker can bypass authentication and gain unauthorized access remotely if certain conditions are met. These conditions include the use of Active Directory in the security settings, enabling the “Automatic log in” option, running the IcoAnyGlass IIS Application Pool under an Active Directory Domain Account, and that account having login permissions within GENESIS64 or MC Works64 security configurations. The vulnerability allows an unauthenticated remote attacker to log in without credentials, compromising system integrity by potentially manipulating or controlling industrial processes monitored or managed by these systems. The CVSS v3.1 base score is 5.9 (medium severity), reflecting network attack vector, high attack complexity, no privileges required, no user interaction, and impact limited to integrity. No exploits have been reported in the wild yet, but the conditions for exploitation are specific and relate to particular configurations involving Active Directory and IIS application pools. This vulnerability is critical in environments where GENESIS64 and related products are used for industrial automation, building management, or critical infrastructure monitoring, as unauthorized access could lead to manipulation of control systems or data. The lack of authentication on a critical function exposes these systems to potential sabotage or operational disruption if exploited.
Potential Impact
For European organizations, especially those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a significant risk to operational integrity. Unauthorized access could allow attackers to alter control parameters, disrupt monitoring, or manipulate system behavior, potentially leading to safety hazards, production downtime, or regulatory non-compliance. Since the vulnerability requires specific Active Directory and IIS configurations, organizations using these Microsoft technologies in conjunction with Mitsubishi Electric Iconics products are at higher risk. The impact is primarily on system integrity, with no direct confidentiality or availability impact noted. However, integrity compromises in industrial control systems can cascade into safety incidents or operational failures. European organizations with complex IT/OT integration environments must assess their exposure carefully. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially given the medium CVSS score and the critical nature of affected systems.
Mitigation Recommendations
1. Immediately review and disable the “Automatic log in” option in the security settings of GENESIS64, ICONICS Suite, and MC Works64 where applicable.
2. Audit the IcoAnyGlass IIS Application Pool configuration to ensure it does not run under an Active Directory Domain Account with unnecessary permissions.
3. Restrict the IIS Application Pool account’s permissions in GENESIS64 and MC Works64 security settings to the minimum necessary, ideally removing login permissions if not required.
4. Implement network segmentation and access controls to limit exposure of the affected systems to untrusted networks.
5. Monitor logs for unusual login attempts or access patterns related to the mobile monitoring feature.
6. Engage with Mitsubishi Electric Iconics for any forthcoming patches or updates addressing this vulnerability and apply them promptly.
7. Conduct a thorough security review of Active Directory integration and authentication mechanisms in industrial control systems to prevent similar misconfigurations.
8. Educate system administrators on the risks of enabling automatic login features in critical industrial applications.
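One way to carry out the application pool audit from recommendation 2 on the IIS host, as an added example that is not vendor or advisory code. It assumes the standard WebAdministration module is installed and that the pool is named IcoAnyGlass as in the text above; the function name Get-IdentityClass is hypothetical.

```powershell
# Added example: checks one CVE-2024-1573 precondition, namely whether the
# IcoAnyGlass application pool runs under a domain account.
# Run in an elevated PowerShell session on the IIS host.
Import-Module WebAdministration -ErrorAction Stop

$PoolName = 'IcoAnyGlass'   # pool name as given in the advisory text

# Hypothetical helper: classifies an app pool identity from its IIS settings.
function Get-IdentityClass {
    param([string]$IdentityType, [string]$UserName)

    # LocalSystem, LocalService, NetworkService and ApplicationPoolIdentity
    # are built-in identities, not named Active Directory accounts.
    if ($IdentityType -ne 'SpecificUser') { return 'BuiltIn' }

    # DOMAIN\user form: a prefix of "." or the computer name means local.
    if ($UserName -match '^(?<dom>[^\\]+)\\') {
        $dom = $Matches['dom']
        if ($dom -eq '.' -or $dom -ieq $env:COMPUTERNAME) { return 'LocalAccount' }
        return 'DomainAccount'
    }

    # user@domain (UPN) form.
    if ($UserName -match '@') { return 'DomainAccount' }

    # Bare user name: ambiguous on a domain-joined host, check by hand.
    return 'ReviewManually'
}

$path = "IIS:\AppPools\$PoolName"
if (Test-Path $path) {
    $pm    = Get-ItemProperty -Path $path -Name processModel
    $class = Get-IdentityClass -IdentityType $pm.identityType -UserName $pm.userName

    [pscustomobject]@{
        AppPool         = $PoolName
        IdentityType    = [string]$pm.identityType
        UserName        = [string]$pm.userName
        Classification  = $class
        PreconditionMet = ($class -eq 'DomainAccount')
    }
} else {
    Write-Output "Application pool '$PoolName' not found on this host."
}
```

A result of PreconditionMet = True covers only the application pool condition; the “Automatic log in” option and the account's login permissions still have to be checked in the GENESIS64 or MC Works64 security settings.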
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2024-02-16T01:30:41.285Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 695f9d8ec901b06321e4127f
Added to database: 1/8/2026, 12:05:34 PM
Last enriched: 1/15/2026, 12:43:34 PM
Last updated: 2/7/2026, 12:14:17 AM