PatchSiren cyber security CVE debrief
CVE-2024-22103 Mitsubishi Electric CVE debrief
CVE-2024-22103 is a local denial-of-service vulnerability affecting 37 Mitsubishi Electric FA engineering software products. If malicious code executes on a computer where affected software is installed, a local attacker can trigger a Windows blue screen error, resulting in denial-of-service. The vulnerability requires local access, low privileges, and user interaction, with high attack complexity. CISA published this advisory on May 14, 2024, with the most recent update (Update E) on January 15, 2026, adding version information to affected product and mitigation sections. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Mitsubishi Electric
- Product: CPU Module Logging Configuration Tool
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2026-01-15
- Advisory published: 2024-05-14
- Advisory updated: 2026-01-15
Who should care
Organizations operating Mitsubishi Electric industrial automation equipment using FA engineering software, particularly manufacturing, energy, and critical infrastructure sectors. Asset owners, OT security teams, and system integrators responsible for maintaining engineering workstations should prioritize patching or migration planning.
Technical summary
CVE-2024-22103 affects 37 Mitsubishi Electric FA engineering software products with a CVSS 3.1 score of 4.4 (MEDIUM). The vulnerability is triggered when malicious code executes on a system with affected software installed, allowing a local attacker with low privileges to cause a Windows blue screen error (BSOD), resulting in denial-of-service. The attack requires local access, high complexity, and user interaction. Affected products span multiple engineering tool categories, including PLC programming (GX Works2/3), HMI design (GT Designer3), servo configuration (MR Configurator2), motion control (MT Works2), and communication middleware (MX Component, EZSocket). Multiple products have reached end-of-life without patches available.
Defensive priority
medium
Recommended defensive actions
- Inventory all Mitsubishi Electric FA engineering software installations against the 37 affected products listed in the advisory, including CPU Module Logging Configuration Tool, GX Works2, GX Works3, MX Component, and MT
- Apply vendor-provided updates to affected products: CPU Module Logging Configuration Tool to 1.160S or later; GX Works2 to 1.625B or later; GX Works3 to 1.110Q or later; MX Component to 5.007H or later; MT Works2 to 1.
- For products requiring purchase assistance (CSGL, EZSocket), contact your Mitsubishi Electric place of purchase to obtain updated versions
- For end-of-life products without patches (FR Configurator SW3, GX Developer, MI Configurator, MR Configurator, MX OPC Server DA/UA), evaluate migration to supported successor products or implement compensating controls
- Restrict local access to engineering workstations running affected software to authorized personnel only
- Implement application whitelisting and endpoint protection on engineering workstations to prevent execution of malicious code
- Monitor Windows system events for unexpected blue screen errors on engineering workstations
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
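The blue screen monitoring step above can be scripted. The following PowerShell is an added example, not part of the advisory or any vendor tooling; `$Workstations` is a hypothetical host list, and the script assumes those hosts allow remote event log queries and log event 1001 with the English message text.

```powershell
# Added example: report unexpected-restart and bugcheck events from the System log.
# $Workstations is a hypothetical host list; replace it with your engineering workstation inventory.
param(
    [string[]]$Workstations = @($env:COMPUTERNAME),
    [int]$Days = 30
)

# 1001 (WER-SystemErrorReporting): rebooted from a bugcheck
# 41   (Kernel-Power): rebooted without a clean shutdown
# 6008 (EventLog): previous shutdown was unexpected
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting', 'Microsoft-Windows-Kernel-Power', 'EventLog'
    Id           = 41, 1001, 6008
    StartTime    = (Get-Date).AddDays(-$Days)
}

$results = foreach ($computer in $Workstations) {
    try {
        $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent errors when nothing matches; only warn on real failures (e.g. unreachable host).
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($e in $events) {
        $bugcheck = $null
        if ($e.Id -eq 41) {
            # BugcheckCode is 0 when the restart was not a bugcheck (e.g. power loss).
            $data = ([xml]$e.ToXml()).Event.EventData.Data
            $code = [uint32]($data | Where-Object { $_.Name -eq 'BugcheckCode' }).'#text'
            if ($code -ne 0) { $bugcheck = '0x{0:X8}' -f $code }
        } elseif ($e.Id -eq 1001 -and $e.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') {
            # Assumes the English message text "The bugcheck was: 0x...".
            $bugcheck = $Matches[1]
        }
        [pscustomobject]@{
            Computer = $computer
            Time     = $e.TimeCreated
            EventId  = $e.Id
            Bugcheck = $bugcheck
        }
    }
}
$results | Sort-Object Computer, Time | Format-Table -AutoSize
```

A workstation that shows repeated entries with a populated Bugcheck column shortly after engineering software was in use is a candidate for review against the affected product list.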
Evidence notes
CVE description and affected product list derived from CISA CSAF advisory ICSA-24-135-04. CVSS 3.1 score 4.4 (MEDIUM) with vector AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H. Advisory revision history shows six updates through January 15, 2026.
Official resources
- CVE-2024-22103 CVE record (CVE.org)
- CVE-2024-22103 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-05-14