Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

OR
     *cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* versions up to (including) 10.97.3
     *cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*

https://jvn.jp/vu/JVNVU95548104 No Types Assigned

https://jvn.jp/vu/JVNVU95548104 Mitigation, Third Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 No Types Assigned

https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 Third Party Advisory, US Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf No Types Assigned

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf Vendor Advisory

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.

Mitsubishi Electric Corporation AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Mitsubishi Electric Corporation CWE-276

Mitsubishi Electric Corporation https://jvn.jp/vu/JVNVU95548104 [No types assigned]

Mitsubishi Electric Corporation https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 [No types assigned]

Mitsubishi Electric Corporation https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf [No types assigned]