CVE-2024-1573: CWE-306 Missing Authentication for Critical Function in Mitsubishi Electric Iconics Digital Solutions GENESIS64
Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met:
* Active Directory is used in the security setting.
* “Automatic log in” option is enabled in the security setting.
* The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.
* The IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in.
AI Analysis
Technical Summary
CVE-2024-1573 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, ICONICS Suite versions 10.97 to 10.97.2, and all versions of MC Works64. The flaw arises in the mobile monitoring feature when the system is configured to use Active Directory for security, the 'Automatic log in' option is enabled, and the IcoAnyGlass IIS Application Pool runs under an Active Directory Domain Account that has login permissions within the GENESIS64 or MC Works64 security framework. Under these conditions, a remote attacker can bypass authentication entirely and gain unauthorized access to the system. The vulnerability does not require user interaction or prior authentication, but exploitation complexity is high due to the specific configuration prerequisites. The attack vector is network-based (AV:N), with high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The impact primarily affects integrity (I:H) by allowing unauthorized system access, but confidentiality (C:N) and availability (A:N) remain unaffected. No public exploits have been reported yet, and no patches are currently linked, indicating a need for vigilance and configuration review by users of affected products.
Potential Impact
For European organizations, particularly those in industrial automation, manufacturing, and critical infrastructure sectors using Mitsubishi Electric Iconics Digital Solutions, this vulnerability poses a risk of unauthorized access to control and monitoring systems. The integrity of operational data and control commands can be compromised, potentially leading to manipulation of industrial processes or falsification of monitoring data. While confidentiality and availability are not directly impacted, unauthorized access could facilitate further attacks or insider threats. The reliance on Active Directory and IIS Application Pool configurations means organizations with complex domain environments are at higher risk. Disruption or manipulation of industrial control systems could have cascading effects on production, safety, and compliance with regulatory requirements such as NIS2 in the EU. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits targeting these specific configurations.
Mitigation Recommendations
European organizations should immediately audit their GENESIS64, ICONICS Suite, and MC Works64 deployments to verify if the affected versions (10.97 to 10.97.2) are in use. Key mitigation steps include:
1) Disable the 'Automatic log in' option in the security settings to prevent bypassing authentication.
2) Review and restrict the permissions of the IcoAnyGlass IIS Application Pool account, ensuring it is not unnecessarily included in GENESIS64 or MC Works64 security groups with login rights.
3) Consider running the IIS Application Pool under a non-Active Directory account or one with minimal privileges.
4) Implement network segmentation and strict firewall rules to limit access to the IIS Application Pool endpoints.
5) Monitor logs for unusual login attempts or access patterns related to the mobile monitoring feature.
6) Engage with Mitsubishi Electric for official patches or updates and apply them promptly once available.
7) Conduct regular security assessments of Active Directory integration and IIS configurations to detect misconfigurations that could facilitate exploitation.
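An added example (not from the vendor or from this page's source) for checking the third precondition and mitigation steps 2 and 3: it reports which identity the IcoAnyGlass application pool runs under and whether that identity is a domain account. It assumes the pool is named IcoAnyGlass as in the description and that the IIS WebAdministration module is installed; the GENESIS64 security settings themselves (Active Directory mode, 'Automatic log in', membership in GENESIS64 Security) still have to be reviewed in the product's own security configuration.

```powershell
# Added example: audit the identity of the IcoAnyGlass IIS application pool.
# Run in an elevated PowerShell session on the server hosting the mobile
# monitoring feature. Requires the WebAdministration module (IIS management tools).
Import-Module WebAdministration -ErrorAction Stop

$poolName = 'IcoAnyGlass'              # pool name as given in the advisory text
$poolPath = "IIS:\AppPools\$poolName"

if (-not (Test-Path $poolPath)) {
    Write-Output "Application pool '$poolName' not found on $env:COMPUTERNAME."
}
else {
    # processModel holds the identity the worker process runs under.
    $pm           = Get-ItemProperty -Path $poolPath -Name processModel
    $identityType = [string]$pm.identityType   # e.g. ApplicationPoolIdentity, SpecificUser
    $userName     = [string]$pm.userName       # only populated for SpecificUser

    $isDomainAccount = $false
    if ($identityType -eq 'SpecificUser' -and $userName) {
        if ($userName -match '^(?<dom>[^\\]+)\\') {
            # DOMAIN\user form: a local account uses '.' or the machine name.
            $isDomainAccount = $Matches.dom -notin @('.', $env:COMPUTERNAME)
        }
        elseif ($userName -match '@') {
            # user@domain (UPN) form refers to a directory account.
            $isDomainAccount = $true
        }
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        AppPool         = $poolName
        State           = (Get-WebAppPoolState -Name $poolName).Value
        IdentityType    = $identityType
        UserName        = $userName
        IsDomainAccount = $isDomainAccount
    }

    if ($isDomainAccount) {
        Write-Warning ("'$poolName' runs as domain account '$userName'. " +
            "Check whether this account is listed in GENESIS64 / MC Works64 Security " +
            "with permission to log in and whether 'Automatic log in' is enabled.")
    }
}
```

A result of `IsDomainAccount = True` means only that one of the four listed conditions holds; the remaining three decide whether the deployment is exposed.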
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2024-02-16T01:30:41.285Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695f9d8ec901b06321e4127f
Added to database: 1/8/2026, 12:05:34 PM
Last enriched: 1/8/2026, 12:19:46 PM
Last updated: 1/9/2026, 1:41:46 AM