CVE-2024-9852: CWE-427 Uncontrolled Search Path Element in Mitsubishi Electric Corporation GENESIS64
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
AI Analysis
Technical Summary
This vulnerability (CWE-427) exists in Mitsubishi Electric GENESIS64 (versions 10.97.3 and prior) and several related products. It involves an uncontrolled search path element that permits a local authenticated attacker to execute arbitrary code by storing a malicious DLL in a targeted directory. The impact includes potential confidentiality, integrity, and availability compromises such as information disclosure, data tampering, data destruction, or denial of service. The CVSS 3.1 base score is 7.8, reflecting high severity with low attack complexity but requiring local privileges. A patch is available to address this vulnerability.
Potential Impact
An attacker with local authenticated access can execute arbitrary code by exploiting the uncontrolled search path element, potentially leading to full compromise of affected systems. This includes unauthorized disclosure, modification, or destruction of data, and denial of service conditions impacting system availability.
Mitigation Recommendations
A patch is available for this vulnerability. It is recommended to apply the official fix from Mitsubishi Electric Corporation to affected products running GENESIS64 versions 10.97.3 and prior and related software. No additional mitigation steps are specified beyond applying the patch.
CVE-2024-9852: CWE-427 Uncontrolled Search Path Element in Mitsubishi Electric Corporation GENESIS64
Description
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-427) exists in Mitsubishi Electric GENESIS64 (versions 10.97.3 and prior) and several related products. It involves an uncontrolled search path element that permits a local authenticated attacker to execute arbitrary code by storing a malicious DLL in a targeted directory. The impact includes potential confidentiality, integrity, and availability compromises such as information disclosure, data tampering, data destruction, or denial of service. The CVSS 3.1 base score is 7.8, reflecting high severity with low attack complexity but requiring local privileges. A patch is available to address this vulnerability.
Potential Impact
An attacker with local authenticated access can execute arbitrary code by exploiting the uncontrolled search path element, potentially leading to full compromise of affected systems. This includes unauthorized disclosure, modification, or destruction of data, and denial of service conditions impacting system availability.
Mitigation Recommendations
A patch is available for this vulnerability. It is recommended to apply the official fix from Mitsubishi Electric Corporation to affected products running GENESIS64 versions 10.97.3 and prior and related software. No additional mitigation steps are specified beyond applying the patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Mitsubishi
- Date Reserved
- 2024-10-11T01:20:49.722Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6960b130ecefc3cd7c0f7cee
Added to database: 1/9/2026, 7:41:36 AM
Last enriched: 4/9/2026, 10:12:55 PM
Last updated: 5/9/2026, 9:55:52 AM
Views: 99
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.