PatchSiren cyber security CVE debrief
CVE-2024-22105 Mitsubishi Electric CVE debrief
CVE-2024-22105 is a local denial-of-service vulnerability affecting 37 Mitsubishi Electric FA engineering software products. If malicious code executes on a computer where affected software is installed, a local attacker can trigger a Windows blue screen error, resulting in denial-of-service. The vulnerability requires local access, low privileges, and user interaction, with high attack complexity. CISA published this advisory on May 14, 2024, with the most recent update (Update E) on January 15, 2026, adding version information to affected product and mitigation sections. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Mitsubishi Electric
- Product: CPU Module Logging Configuration Tool <=1.154L
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2026-01-15
- Advisory published: 2024-05-14
- Advisory updated: 2026-01-15
Who should care
OT/ICS security teams, manufacturing engineers, plant operators using Mitsubishi Electric automation software, asset owners in critical infrastructure sectors (energy, water, manufacturing), and procurement teams managing industrial software lifecycles.
Technical summary
This vulnerability exists in the driver components of Mitsubishi Electric's FA engineering software suite. When malicious code executes locally on a system with affected software installed, it can trigger a Windows kernel panic (blue screen of death). The vulnerability requires: local attack vector, high attack complexity, low privileges, and user interaction. No confidentiality or integrity impact; availability impact is high. CVSS 3.1 score: 4.4 (Medium). The attack surface is limited to local execution contexts, making exploitation dependent on prior compromise or malicious insider access.
Defensive priority
medium
Recommended defensive actions
- Inventory all Mitsubishi Electric FA engineering software installations across OT/ICS environments and compare against the 37 affected product list in CISA advisory ICSA-24-135-04
- Apply vendor-provided updates to affected products: CPU Module Logging Configuration Tool to 1.160S+, CW Configurator to 1.020W+, Data Transfer to 3.59M+, FR Configurator2 to 1.33K+, GT SoftGOT1000 to 3.315D+, GT SoftGOT2000 to 1.320J+, GX LogViewer to 1.160S+, GX Works2 to 1.625B+, GX Works3 to 1.110Q+, MR Configurator2 to 1.155M+
- For products requiring purchase contact (CSGL, EZSocket), coordinate with Mitsubishi Electric representatives to obtain updated versions
- For end-of-life products without patches (FR Configurator SW3, GX Developer, MI Configurator, MR Configurator, MX OPC Server DA/UA), implement compensating controls: restrict local access, application whitelisting, and network segmentation
- Implement defense-in-depth strategies for ICS environments per CISA recommended practices
- Restrict local code execution through endpoint protection and least-privilege access controls
Evidence notes
Source: CISA CSAF advisory ICSA-24-135-04 (Update E). CVSS 3.1 vector: AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H. Affected products span Mitsubishi Electric's entire FA engineering software portfolio including GX Works2, GX Works3, GT Designer3, MX Component, and 33 additional products.
Official resources
- CVE-2024-22105 CVE record (CVE.org)
- CVE-2024-22105 NVD detail (NVD)
- Source item URL (cisa_csaf)
Mitsubishi Electric disclosed this vulnerability through CISA's ICS advisory process. The advisory has undergone six revisions since initial publication, with Update E released January 15, 2026, providing additional version-specific patch