PatchSiren cyber security CVE debrief
CVE-2024-9852 Mitsubishi Electric Iconics Digital Solutions CVE debrief
A malicious code execution vulnerability exists in the FAX agent of the multi-agent notification feature across multiple Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions products. The vulnerability stems from an uncontrolled search path element (CWE-427) that could allow an attacker to execute arbitrary code. The issue affects all versions of MC Works64 and GENESIS32 unconditionally, as well as GENESIS64 and ICONICS Suite versions 10.97.2 and prior. For GENESIS64 and ICONICS Suite versions 10.97.3 and later, only installations that include the multi-agent notification feature are affected. CISA published this advisory on December 3, 2024, with subsequent updates through April 7, 2026 (Update C) that added affected products and fixed version information. The SSVCv2 score indicates no evidence of active exploitation (E:N), no automatable attack vector (A:N), and total technical impact (T:T).
- Vendor: Mitsubishi Electric Iconics Digital Solutions
- Product: GENESIS64
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-12-03
- Original CVE updated: 2026-04-07
- Advisory published: 2024-12-03
- Advisory updated: 2026-04-07
Who should care
Organizations operating Mitsubishi Electric or ICONICS industrial control systems, particularly those in manufacturing, energy, water/wastewater, and building automation sectors using GENESIS64, GENESIS32, MC Works64, or ICONICS Suite with notification features enabled. Security teams responsible for OT/ICS environments should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the FAX agent component of the multi-agent notification feature. An uncontrolled search path element allows malicious code execution. The attack requires local access (AV:L) with low privileges (PR:L) and no user interaction (UI:N), but successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The SSVCv2 assessment rates the vulnerability as not automatable. For GENESIS64 and ICONICS Suite, version 10.98 and later lets the vulnerable FAX agent be omitted for users who do not require it. MC Works64 and GENESIS32 have no planned fixes; mitigation requires removing the feature or restricting network access.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade GENESIS64 or ICONICS Suite to version 10.98 or later if FAX agent functionality is not required
- Uninstall the multi-agent notification feature if not needed
- If multi-agent notification is required but FAX agent is not, perform custom installation and skip FAX agent installation
- If FAX agent must be installed, enable Windows Fax and Scan feature in Microsoft Windows
- Restrict network access to affected systems by blocking remote login from untrusted networks, hosts, and users
- Use firewalls or VPNs to prevent unauthorized access when connecting affected systems to the Internet
- Restrict physical access to systems running affected products
- Train users to avoid clicking web links or opening attachments in emails from untrusted sources
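As an added triage helper (not code from ICONICS, Mitsubishi Electric, or CISA), the following Python encodes the affected-version and mitigation rules above so an asset inventory can be checked in bulk; the `Host` record, the `assess` function and the inventory entries are assumptions of this example, and the sample hosts are constructed data.

```python
from dataclasses import dataclass

# Rules as stated in the advisory debrief (added example, not vendor code).
ALWAYS_AFFECTED = {"MC Works64", "GENESIS32"}      # all versions, no fix planned
VERSIONED = {"GENESIS64", "ICONICS Suite"}
UNCONDITIONAL_MAX = (10, 97, 2)   # <= 10.97.2: affected regardless of features
FIXED_MIN = (10, 98)              # 10.98+: FAX agent can be left out at install

def parse_version(v: str) -> tuple:
    """'10.97.3' -> (10, 97, 3); tuples compare component-wise."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Host:                          # hypothetical inventory record
    name: str
    product: str
    version: str
    multi_agent_notification: bool   # feature installed?
    fax_agent: bool                  # FAX agent installed?

def assess(h: Host) -> tuple:
    """Return (status, recommended action) for one host."""
    if h.product in ALWAYS_AFFECTED:
        if h.multi_agent_notification:
            return "affected", "no fix planned: uninstall multi-agent notification, restrict access"
        return "mitigated", "vulnerable feature not installed; keep access restricted"
    if h.product not in VERSIONED:
        return "unknown", "product not covered by these rules"
    ver = parse_version(h.version)
    if ver <= UNCONDITIONAL_MAX:
        return "affected", "upgrade to 10.98 or later and omit the FAX agent"
    # 10.97.3 and later: only installs with multi-agent notification are affected
    if not h.multi_agent_notification:
        return "not_affected", "multi-agent notification not installed"
    if not h.fax_agent:
        return "mitigated", "FAX agent skipped at install time"
    if ver >= FIXED_MIN:
        return "affected", "FAX agent still installed: remove it or enable Windows Fax and Scan"
    return "affected", "upgrade to 10.98+ without FAX agent, or enable Windows Fax and Scan"

def triage(hosts) -> dict:
    """Group host names by status so the affected set can be worked first."""
    out = {}
    for h in hosts:
        out.setdefault(assess(h)[0], []).append(h.name)
    return out

if __name__ == "__main__":
    inventory = [   # constructed sample inventory
        Host("hmi-01", "GENESIS64", "10.97.2", False, False),
        Host("hmi-02", "GENESIS64", "10.97.3", True, True),
        Host("hmi-03", "ICONICS Suite", "10.98", True, False),
        Host("plc-gw", "MC Works64", "unknown", True, True),
    ]
    for status, names in triage(inventory).items():
        print(status, names)
```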
Evidence notes
Source: CISA CSAF advisory ICSA-24-338-04 (Update C, published 2024-12-03, modified 2026-04-07). CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. CWE-427 (Uncontrolled Search Path Element). Affected products: GENESIS64 ≤10.97.3, ICONICS Suite ≤10.97.3, MC Works64 all versions, GENESIS32 all versions, Hyper Historian ≤10.97.3. Fixed version: 10.98 or later for GENESIS64/ICONICS Suite users not requiring FAX agent. No fix planned for MC Works64, GENESIS32, or FAX agent functionality.
Official resources
- CVE-2024-9852 CVE record (CVE.org)
- CVE-2024-9852 NVD detail (NVD)