PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-11477 Mitsubishi Electric CVE debrief

CVE-2024-11477 is a high-severity issue in Mitsubishi Electric MELSOFT Update Manager where a bundled 7-Zip integer underflow can be triggered when a user decompresses a specially crafted archive. CISA’s advisory says a local authenticated attacker could obtain code execution by getting an authorized user to open the malicious compressed file, with potential impact to confidentiality, integrity, and availability.

Vendor: Mitsubishi Electric
Product: MELSOFT Update Manager SW1DND-UDM-M
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-07-03
Original CVE updated: 2026-02-05
Advisory published: 2025-07-03
Advisory updated: 2026-02-05

Who should care

Organizations using Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M, especially OT/engineering workstations, administrators, and users who handle compressed files in environments where the product is installed.

Technical summary

The advisory describes an integer underflow in the 7-Zip component included with MELSOFT Update Manager. Affected versions are >=1.000A and <=1.012N. The reported attack path requires local authenticated access and user interaction: the attacker must get an authorized user to decompress a specially crafted compressed file. The published CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, which aligns with the stated potential for arbitrary code execution and downstream disclosure, tampering, or denial of service.

Defensive priority

High for any affected installation, particularly on systems that open externally sourced archives or are reachable by multiple users. Update to the fixed release as soon as operationally possible; if update is delayed, apply the vendor’s isolation and access-control mitigations immediately.

Recommended defensive actions

  • Update Mitsubishi Electric MELSOFT Update Manager to version 1.013P or later for the affected product.
  • If you are outside Japan, contact your local Mitsubishi Electric representative for fixed-version installation guidance.
  • Keep affected systems within a LAN and block remote logins from untrusted networks, hosts, and users.
  • Use a firewall or VPN and permit only trusted remote access when the affected PC must connect to the internet.
  • Restrict physical access to the affected PC and its connected network.
  • Do not open untrusted email attachments or click links from untrusted sources on affected systems.
  • Install and maintain antivirus software on affected PCs.
  • Review the vendor advisory Mitsubishi Electric 2025-006 for product-specific update instructions and mitigations.
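The first action above depends on knowing which installed builds fall inside the affected range (>=1.000A and <=1.012N) stated in the technical summary. The following is an added example, not code from the advisory or from Mitsubishi Electric, that parses the vendor's number-plus-letter version format and flags affected installations; it assumes that versions order by the numeric part first and the trailing letter second, and the host names in it are constructed.

```python
import re
from typing import NamedTuple

# Affected range and fixed release as stated in ICSA-25-184-03 for CVE-2024-11477.
AFFECTED_MIN = "1.000A"
AFFECTED_MAX = "1.012N"
FIXED_VERSION = "1.013P"

# MELSOFT-style version: major "." three-digit minor, then one capital letter.
_VERSION_RE = re.compile(r"^(\d+)\.(\d{3})([A-Z])$")


class MelsoftVersion(NamedTuple):
    major: int
    minor: int
    revision: str  # trailing letter, e.g. "A" in 1.000A


def parse_version(text: str) -> MelsoftVersion:
    """Parse a version string such as '1.012N' into a comparable tuple.

    Assumption (not from the advisory): ordering is numeric part first,
    trailing letter second, so (1, 12, 'N') < (1, 13, 'P').
    """
    m = _VERSION_RE.fullmatch(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised MELSOFT version string: {text!r}")
    return MelsoftVersion(int(m.group(1)), int(m.group(2)), m.group(3))


def is_affected(installed: str) -> bool:
    """True if the installed version lies inside the advisory's affected range."""
    v = parse_version(installed)
    return parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)


def assess(installed: str) -> str:
    """One-line finding for an inventory report."""
    if is_affected(installed):
        return (f"{installed}: AFFECTED by CVE-2024-11477, "
                f"update to {FIXED_VERSION} or later")
    return f"{installed}: not in affected range for CVE-2024-11477"


if __name__ == "__main__":
    # Constructed sample inventory of engineering workstations, not real hosts.
    inventory = {"ENG-WS-01": "1.000A", "ENG-WS-02": "1.012N", "ENG-WS-03": "1.013P"}
    for host, ver in inventory.items():
        print(host, assess(ver))
```

Unparseable strings raise ValueError rather than being silently treated as unaffected, so an inventory entry with an unexpected format shows up as a failure to review.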

Evidence notes

All substantive claims are taken from the supplied CISA CSAF source item for ICSA-25-184-03 and its embedded remediation guidance. The advisory publication date is 2025-07-03 and the latest source modification in the corpus is 2026-02-05; that later modification is a correction/update and not the original issue date. The source states the affected range as >=1.000A and <=1.012N, the fixed version as 1.013P or later, the weakness as an integer underflow in bundled 7-Zip, and the attack prerequisites as local authenticated access plus user interaction.

Official resources

CISA first republished the advisory on 2025-07-03, with later source revisions on 2026-02-05 labeled Update B and a republication update. The corpus does not indicate KEV listing or known ransomware campaign use.