CVE-2024-1574: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Mitsubishi Electric Iconics Digital Solutions GENESIS64
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
AI Analysis
Technical Summary
This vulnerability (CVE-2024-1574) involves unsafe reflection (CWE-470) in the licensing feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 and several related products. It allows a local attacker with low privileges to execute arbitrary code with administrative rights by modifying a specific file that lacks proper protection. The affected versions include GENESIS64 and other products up to version 10.97.2. The CVSS 3.1 base score is 6.7, reflecting a medium severity with local attack vector, high attack complexity, low privileges required, and user interaction needed. The vulnerability impacts confidentiality, integrity, and availability. A patch is available from the vendor to remediate this issue.
Potential Impact
Successful exploitation allows a local attacker to execute malicious code with administrative privileges by tampering with an unprotected file in the licensing feature. This can lead to full system compromise affecting confidentiality, integrity, and availability of the affected systems. The attack requires local access and user interaction, and has high attack complexity.
Mitigation Recommendations
A patch is available for this vulnerability. It is recommended to apply the official vendor updates to affected Mitsubishi Electric Iconics Digital Solutions products at or below version 10.97.2. Since the vulnerability requires local access and file tampering, ensure that file system permissions are properly configured to restrict unauthorized modifications. Monitor vendor advisories for the latest patch information and apply updates promptly.
CVE-2024-1574: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Mitsubishi Electric Iconics Digital Solutions GENESIS64
Description
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2024-1574) involves unsafe reflection (CWE-470) in the licensing feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 and several related products. It allows a local attacker with low privileges to execute arbitrary code with administrative rights by modifying a specific file that lacks proper protection. The affected versions include GENESIS64 and other products up to version 10.97.2. The CVSS 3.1 base score is 6.7, reflecting a medium severity with local attack vector, high attack complexity, low privileges required, and user interaction needed. The vulnerability impacts confidentiality, integrity, and availability. A patch is available from the vendor to remediate this issue.
Potential Impact
Successful exploitation allows a local attacker to execute malicious code with administrative privileges by tampering with an unprotected file in the licensing feature. This can lead to full system compromise affecting confidentiality, integrity, and availability of the affected systems. The attack requires local access and user interaction, and has high attack complexity.
Mitigation Recommendations
A patch is available for this vulnerability. It is recommended to apply the official vendor updates to affected Mitsubishi Electric Iconics Digital Solutions products at or below version 10.97.2. Since the vulnerability requires local access and file tampering, ensure that file system permissions are properly configured to restrict unauthorized modifications. Monitor vendor advisories for the latest patch information and apply updates promptly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Mitsubishi
- Date Reserved
- 2024-02-16T01:30:45.960Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 695f9d8ec901b06321e41284
Added to database: 1/8/2026, 12:05:34 PM
Last enriched: 4/9/2026, 10:13:45 PM
Last updated: 5/9/2026, 10:04:03 AM
Views: 138
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.