CVE-2024-7587: CWE-276 Incorrect Default Permissions in Mitsubishi Electric Corporation GENESIS64
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
AI Analysis
Technical Summary
CVE-2024-7587 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting Mitsubishi Electric Corporation's GENESIS64 and related industrial automation software products. The issue arises from GenBroker32, a component included in the installers of GENESIS64 versions 10.97.3 and earlier, ICONICS Suite versions 10.97.3 and earlier, GENESIS32 versions 9.70.300.23 and earlier, and all versions of MC Works64. The vulnerability is due to improperly set default permissions on a folder used by GenBroker32 when installed on the same PC as these products. This misconfiguration allows a local attacker with low-level privileges (authenticated user) to access or modify confidential information stored within these folders or cause a denial of service by tampering with critical files. The attack vector is local access with no user interaction required, making it exploitable by any user with an account on the affected system. The vulnerability impacts confidentiality, integrity, and availability, as attackers can read sensitive data, alter configurations or files, or disrupt the operation of the software. The CVSS v3.1 score is 7.8, indicating high severity, with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. No public exploits or active exploitation have been reported yet. The vulnerability affects multiple versions of Mitsubishi Electric's industrial control and automation software widely used in manufacturing and critical infrastructure environments. The root cause is a failure to set secure default permissions during installation, which is a common security oversight in software deployment. This vulnerability highlights the importance of secure configuration management and least privilege principles in industrial control systems.
Potential Impact
The impact on European organizations can be significant, especially those operating in industrial automation, manufacturing, energy production, and critical infrastructure sectors where Mitsubishi Electric's GENESIS64 and related products are deployed. Exploitation can lead to unauthorized disclosure of sensitive operational data, manipulation of control system configurations, and denial of service conditions that disrupt industrial processes. Such disruptions can cause production downtime, financial losses, safety hazards, and regulatory compliance issues under frameworks like NIS2 and GDPR if personal or operational data is exposed. The local attack requirement limits remote exploitation but insider threats or compromised user accounts pose a real risk. The high impact on confidentiality, integrity, and availability means that affected organizations could face operational interruptions and damage to reputation. Additionally, the complexity and criticality of industrial control systems mean recovery from such attacks can be costly and time-consuming. The absence of known exploits in the wild provides a window for proactive mitigation before attackers develop weaponized code.
Mitigation Recommendations
1. Apply patches or updates from Mitsubishi Electric as soon as they become available to correct the default permission settings.
2. Until patches are released, perform manual audits of folder permissions related to GenBroker32 and associated software components, ensuring that only authorized system accounts have access.
3. Restrict local user accounts on systems running GENESIS64 and related products to the minimum necessary privileges, enforcing the principle of least privilege.
4. Implement strict access controls and monitoring on systems hosting these applications to detect unauthorized access or tampering attempts.
5. Use endpoint detection and response (EDR) solutions to monitor for suspicious local activity indicative of exploitation attempts.
6. Conduct regular security awareness training for personnel with access to these systems to reduce insider threat risks.
7. Segment and isolate industrial control systems from general IT networks to limit lateral movement opportunities.
8. Maintain comprehensive backups and incident response plans tailored to industrial control environments to enable rapid recovery.
9. Review and harden installation procedures to prevent recurrence of insecure default permissions in future deployments.
10. Collaborate with Mitsubishi Electric support and security advisories to stay informed of updates and best practices.
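The permission audit in step 2 can be scripted. The following is an added example, not code from the vendor or from this page: the folder path is a placeholder because the advisory does not name the affected folder, and the set of well-known SIDs treated as "broad" is an assumption to adjust per site.

```powershell
# Added example: list Allow ACEs granted to broad, low-privileged principals
# on a folder tree, and mark the ones that permit writing or deleting.
param(
    # Placeholder: the advisory does not name the folder; set this yourself.
    [string]$Root = 'C:\PLACEHOLDER\GenBroker32-folder'
)

# Well-known SIDs (locale-independent) for broad principals. Assumption: extend
# this table with any site-specific group that contains ordinary users.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow tampering with, replacing or re-permissioning content.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which can appear unmapped in inherit-only ACEs.
$GenericMask = 0x50000000

function Get-BroadAce {
    param([string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $rights   = [int]$ace.FileSystemRights
        $canWrite = [bool](($rights -band [int]$WriteMask) -bor ($rights -band $GenericMask))
        [pscustomobject]@{
            Path      = $Path
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            CanWrite  = $canWrite
            Inherited = $ace.IsInherited
        }
    }
}

# Check the root folder itself and everything beneath it, hidden items included.
$items    = @(Get-Item -LiteralPath $Root -Force) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
$findings = $items | ForEach-Object { Get-BroadAce -Path $_.FullName }
$findings | Sort-Object -Property @{Expression='CanWrite';Descending=$true}, Path | Format-Table -AutoSize
```

Rows with `CanWrite` set are the tampering and DoS exposure; read-only rows matter for the disclosure impact. The script does not expand nested group membership, so custom groups that include ordinary users need to be added to the SID table by hand.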
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2024-08-07T08:06:04.877Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69609893ecefc3cd7c0975e5
Added to database: 1/9/2026, 5:56:35 AM
Last enriched: 1/9/2026, 6:10:59 AM
Last updated: 1/9/2026, 9:57:18 PM