PatchSiren cyber security CVE debrief
CVE-2024-22104 Mitsubishi Electric CVE debrief
A local denial-of-service vulnerability in Mitsubishi Electric FA engineering software products allows an attacker with low privileges to trigger a Windows blue screen error by executing malicious code on a system where affected software is installed. The vulnerability requires high attack complexity and user interaction, limiting its exploitability but presenting a risk to operational continuity in industrial control environments.
- Vendor: Mitsubishi Electric
- Product: CPU Module Logging Configuration Tool
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2026-01-15
- Advisory published: 2024-05-14
- Advisory updated: 2026-01-15
Who should care
Organizations operating Mitsubishi Electric industrial automation systems, particularly manufacturing facilities, critical infrastructure operators, and system integrators using MELSEC, GOT, or MR-J series equipment with associated engineering software.
Technical summary
The vulnerability exists in 37 Mitsubishi Electric FA engineering software products including GX Works2, GX Works3, GT Designer3, MX Component, and various configuration tools. A local attacker with low privileges can execute malicious code to trigger a Windows blue screen (BSOD), causing denial-of-service. The attack requires high complexity and user interaction, with no impact to confidentiality or integrity. CVSS 3.1 score is 4.4 (Medium). Multiple product-specific patches are available; some products require contacting the vendor for update assistance.
Defensive priority
medium
Recommended defensive actions
- Inventory all Mitsubishi Electric FA engineering software installations across engineering workstations and identify specific product versions in use
- Apply vendor-provided updates to affected products: CPU Module Logging Configuration Tool to 1.160S or later, GX Works3 to 1.110Q or later, GX Works2 to 1.625B or later, and other products per vendor guidance
- For products without direct updates available (CSGL, EZSocket), contact your Mitsubishi Electric place of purchase for assistance obtaining patched versions
- Restrict local administrative access on engineering workstations to reduce attack surface for local privilege exploitation
- Implement application whitelisting on engineering workstations to prevent execution of unauthorized code
- Segment engineering workstations from operational networks where possible to contain potential DoS impacts
- Monitor Windows system event logs for unexpected blue screen errors on systems running affected Mitsubishi Electric software
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
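One way to carry out the inventory and event-log monitoring actions above on a single engineering workstation, as an added example (not code from the vendor or the CISA advisory). It assumes affected products register under the standard Windows Uninstall registry keys with "Mitsubishi" in the publisher or display name; the 30-day look-back window is arbitrary.

```powershell
# Added example. Assumption: Mitsubishi Electric products register under the
# standard Uninstall keys with "Mitsubishi" in Publisher or DisplayName.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$products = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.Publisher -like '*Mitsubishi*' -or $_.DisplayName -like '*Mitsubishi*' } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName, DisplayVersion -Unique)

# Crash indicators in the System log:
#   1001 (Microsoft-Windows-WER-SystemErrorReporting): bug check recorded after reboot
#   41   (Microsoft-Windows-Kernel-Power): reboot without a clean shutdown
#   6008 (EventLog): previous shutdown was unexpected
$providers = @{
    1001 = 'Microsoft-Windows-WER-SystemErrorReporting'
    41   = 'Microsoft-Windows-Kernel-Power'
    6008 = 'EventLog'
}
$since = (Get-Date).AddDays(-30)   # assumed look-back window
$crashes = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = 41, 1001, 6008; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $providers[[int]$_.Id] -eq $_.ProviderName })

if ($products.Count -eq 0) {
    Write-Output "No Mitsubishi Electric software found on $env:COMPUTERNAME."
} else {
    # Versions are listed for manual comparison against the vendor's fixed versions.
    $products | Format-Table -AutoSize
    if ($crashes.Count -gt 0) {
        Write-Warning "$($crashes.Count) crash-related event(s) since $since; review with the affected software in mind."
        $crashes | Sort-Object TimeCreated |
            Select-Object TimeCreated, Id, ProviderName,
                @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
            Format-Table -AutoSize -Wrap
    } else {
        Write-Output "No bug check or unexpected-shutdown events since $since."
    }
}
```

Event 1001 carries the bug check code in its message, which helps separate a driver fault from an ordinary power loss when triaging.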
Evidence notes
CISA published advisory ICSA-24-135-04 on 2024-05-14 with initial disclosure. The advisory has been updated six times, most recently on 2026-01-15 (Update E), adding version-specific mitigation details across 37 affected products. CVSS 3.1 vector confirms local attack vector with high complexity and user interaction requirements.
Official resources
- CVE-2024-22104 CVE record (CVE.org)
- CVE-2024-22104 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-05-14