CVE-2024-8299: CWE-427 Uncontrolled Search Path Element in Mitsubishi Electric Corporation GENESIS64
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
AI Analysis
Technical Summary
This vulnerability (CVE-2024-8299) involves an uncontrolled search path element in Mitsubishi Electric GENESIS64 (versions 10.97.3 and prior), ICONICS Suite, Hyper Historian, GENESIS32, MC Works64, and related products. It allows a local authenticated attacker to execute arbitrary code by placing a malicious DLL in a specific folder that the software loads from. The impact includes potential data disclosure, tampering, destruction, deletion, or denial of service. The CVSS 3.1 score is 7.8 (High), reflecting local attack vector with low complexity, requiring privileges, no user interaction, and high impact on confidentiality, integrity, and availability. A patch is available from the vendor to remediate this vulnerability.
Potential Impact
Successful exploitation allows a local authenticated attacker to execute arbitrary code via DLL hijacking, leading to potential disclosure, tampering, destruction, or deletion of information, or causing denial of service in affected Mitsubishi Electric products. The impact affects confidentiality, integrity, and availability at a high level.
Mitigation Recommendations
An official patch is available to address this vulnerability. Users should apply the vendor-provided updates to affected Mitsubishi Electric GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 products to remediate the issue. Since this is not a cloud service, remediation depends on applying the patch locally. No vendor advisory content contradicts this guidance.
CVE-2024-8299: CWE-427 Uncontrolled Search Path Element in Mitsubishi Electric Corporation GENESIS64
Description
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2024-8299) involves an uncontrolled search path element in Mitsubishi Electric GENESIS64 (versions 10.97.3 and prior), ICONICS Suite, Hyper Historian, GENESIS32, MC Works64, and related products. It allows a local authenticated attacker to execute arbitrary code by placing a malicious DLL in a specific folder that the software loads from. The impact includes potential data disclosure, tampering, destruction, deletion, or denial of service. The CVSS 3.1 score is 7.8 (High), reflecting local attack vector with low complexity, requiring privileges, no user interaction, and high impact on confidentiality, integrity, and availability. A patch is available from the vendor to remediate this vulnerability.
Potential Impact
Successful exploitation allows a local authenticated attacker to execute arbitrary code via DLL hijacking, leading to potential disclosure, tampering, destruction, or deletion of information, or causing denial of service in affected Mitsubishi Electric products. The impact affects confidentiality, integrity, and availability at a high level.
Mitigation Recommendations
An official patch is available to address this vulnerability. Users should apply the vendor-provided updates to affected Mitsubishi Electric GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 products to remediate the issue. Since this is not a cloud service, remediation depends on applying the patch locally. No vendor advisory content contradicts this guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Mitsubishi
- Date Reserved
- 2024-08-29T06:26:34.979Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6960b131ecefc3cd7c0f7d27
Added to database: 1/9/2026, 7:41:37 AM
Last enriched: 4/9/2026, 10:12:49 PM
Last updated: 5/10/2026, 12:46:26 AM
Views: 106
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.