PatchSiren cyber security CVE debrief
CVE-2024-1573 Mitsubishi Electric Iconics Digital Solutions CVE debrief
An authentication bypass vulnerability exists in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric products. The vulnerability occurs when four specific conditions are simultaneously met: Active Directory is used in security settings, the 'Automatic log in' option is enabled, the IcoAnyGlass IIS Application Pool runs under an Active Directory Domain Account, and that account has login permissions in GENESIS64 and MC Works64 Security. A remote unauthenticated attacker can exploit this to bypass authentication and gain system access. The vulnerability was initially published on July 2, 2024, and has been updated multiple times, most recently on April 7, 2026 (Update D), which added Hyper Historian, AnalytiX, and MobileHMI to affected products. The CVSS 3.1 score is 5.9 (Medium severity).
- Vendor: Mitsubishi Electric Iconics Digital Solutions
- Product: ICONICS Suite (<=10.97.2)
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-02
- Original CVE updated: 2026-04-07
- Advisory published: 2024-07-02
- Advisory updated: 2026-04-07
Who should care
Organizations using Mitsubishi Electric Iconics Digital Solutions or Mitsubishi Electric industrial control systems with mobile monitoring features enabled, particularly those with Active Directory integration and automatic login configurations. Critical infrastructure operators, manufacturing facilities, and industrial automation environments deploying GENESIS64, MC Works64, or related ICONICS Suite products.
Technical summary
The vulnerability stems from missing authentication for a critical function (CWE-306) in the mobile monitoring feature. When the IcoAnyGlass IIS Application Pool runs under an Active Directory Domain Account with automatic login enabled, the system fails to properly authenticate remote users, allowing unauthenticated access. The attack vector is network-based with high attack complexity; the CVSS vector records no confidentiality impact, high integrity impact, and no availability impact. Affected versions include ICONICS Suite, GENESIS64, Hyper Historian, AnalytiX, and MobileHMI 10.97.2 and earlier; IoTWorX 10.95; and all versions of MC Works64.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade affected products to version 10.97.3 or later where vendor fixes are available (GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, IoTWorX)
- For MC Works64, which has no planned security update, ensure at least one of the four vulnerability conditions is not met in security settings
- Place control system networks and devices behind firewalls and isolate from untrusted networks
- Restrict physical access to systems running affected products
- Prevent users from clicking web links or opening attachments from untrusted sources
- Review and modify security settings to disable 'Automatic log in' option or reconfigure IcoAnyGlass IIS Application Pool to not use Active Directory Domain Account
- Monitor for unauthorized access attempts to mobile monitoring features
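The following audit script is an added example, not part of the advisory or the vendor's tooling. It checks one of the four conditions the advisory lists, whether the IcoAnyGlass IIS Application Pool runs under a domain account, using the IIS WebAdministration module; the pool name comes from the advisory, and the 'Automatic log in' and GENESIS64/MC Works64 security-mode conditions live in the product's own security settings, which this script does not read.

```powershell
# Added defensive audit example (not from the advisory). Assumes IIS with the
# WebAdministration module and the pool name "IcoAnyGlass" given in the advisory.
Import-Module WebAdministration -ErrorAction Stop

function Test-DomainAppPoolIdentity {
    param([string]$PoolName = 'IcoAnyGlass')

    $pool         = Get-Item "IIS:\AppPools\$PoolName" -ErrorAction Stop
    $identityType = [string]$pool.processModel.identityType
    $userName     = [string]$pool.processModel.userName

    # Built-in identities (ApplicationPoolIdentity, NetworkService, LocalService,
    # LocalSystem) are local to the host and cannot be an AD domain account.
    if ($identityType -ne 'SpecificUser') {
        return [pscustomobject]@{
            Pool = $PoolName; IdentityType = $identityType
            UserName = $null; DomainAccount = $false
        }
    }

    # A specific user counts as a domain account when it is written DOMAIN\user
    # with a domain other than this host, or as a UPN (user@domain).
    $isDomain = $false
    if ($userName -match '^([^\\]+)\\[^\\]+$') {
        $isDomain = ($Matches[1] -ne $env:COMPUTERNAME) -and ($Matches[1] -ne '.')
    } elseif ($userName -match '@') {
        $isDomain = $true
    }

    [pscustomobject]@{
        Pool = $PoolName; IdentityType = $identityType
        UserName = $userName; DomainAccount = $isDomain
    }
}

$result = Test-DomainAppPoolIdentity
$result | Format-List

if ($result.DomainAccount) {
    # One advisory condition is met; the other three must be checked in the
    # product security settings before the host can be considered unaffected.
    Write-Warning ("Pool '{0}' runs as domain account '{1}'. Verify the " +
        "'Automatic log in' option, Active Directory security mode, and the " +
        "account's GENESIS64/MC Works64 login permission." -f $result.Pool, $result.UserName)
}
```

Run it on the server hosting the mobile monitoring feature; a `DomainAccount` value of `$false` rules the host out of the vulnerable configuration regardless of the other three settings.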
Evidence notes
CISA ICS Advisory ICSA-24-184-03 (Update D) published 2024-07-02, modified 2026-04-07. SSVCv2 assessment: E:N/A:Y/T:T/2026-04-07T00:00:00Z/. CWE-306: Missing Authentication for Critical Function.
Official resources
- CVE-2024-1573 CVE record (CVE.org)
- CVE-2024-1573 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (7)