PatchSiren cyber security CVE debrief
CVE-2024-22106 Mitsubishi Electric CVE debrief
CVE-2024-22106 is a local privilege escalation and denial-of-service vulnerability affecting 37 Mitsubishi Electric FA engineering software products. Published on 2024-05-14 and last modified on 2026-01-15 (Update E), this vulnerability requires that the attacker can already execute malicious code on the target system. Successful exploitation can trigger a Windows blue screen error (denial of service) or grant Windows system privileges for arbitrary command execution. The CVSS 3.1 score of 6.0 (MEDIUM) reflects the high attack complexity and the required user interaction. CISA has issued multiple advisory updates through January 2026, adding version-specific mitigation details across the extensive affected product portfolio. No known exploitation in ransomware campaigns has been reported.
- Vendor: Mitsubishi Electric
- Product: CPU Module Logging Configuration Tool
- CVSS: MEDIUM 6.0
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2026-01-15
- Advisory published: 2024-05-14
- Advisory updated: 2026-01-15
Who should care
Industrial automation engineers, OT security teams, manufacturing security operations, and organizations using Mitsubishi Electric FA engineering software for PLC, HMI, or motion control system programming and maintenance
Technical summary
CVE-2024-22106 affects 37 Mitsubishi Electric FA engineering software products including GX Works2/3, GT Designer3, MX Component, and various configuration tools. The vulnerability is triggered when malicious code executes on a system with affected software installed. The attack vector is local with high attack complexity, requiring low privileges and user interaction. Impact includes denial of service via a Windows blue screen or complete system compromise through privilege escalation to Windows system level. CVSS 3.1: 6.0 (MEDIUM). Vendor fixes and mitigations are available, with a specific fixed version required per product.
Defensive priority
medium
Recommended defensive actions
- Inventory all Mitsubishi Electric FA engineering software installations and compare versions against the affected product list in CISA advisory ICSA-24-135-04
- Apply vendor-provided updates to affected products: CPU Module Logging Configuration Tool to 1.160S+, CW Configurator to 1.020W+, Data Transfer to 3.59M+, Data Transfer Classic to 1.01B+, FR Configurator2 to 1.33K+, GT SoftGOT1000 to 3.315D+, GT SoftGOT2000 to 1.320J+, GX LogViewer to 1.160S+, GX Works2 to 1.625B+, GX Works3 to 1.110Q+, MR Configurator2 to 1.155M+, and others as specified
- For products without direct updates available (CSGL, EZSocket, FR Configurator SW3, GX Developer, MI Configurator, MR Configurator, MX OPC Server DA/UA), contact the Mitsubishi Electric place of purchase for assistance
- Consider migrating GENESIS64 and ICONICS Suite to GENESIS version 11 or later as the successor product
- Implement application whitelisting and least-privilege execution policies on engineering workstations to prevent initial malicious code execution
- Segment engineering workstations from operational networks and restrict removable media usage
- Monitor Windows system logs for unexpected privilege escalation attempts or blue screen events on affected systems
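The inventory and version-comparison step above can be automated. The following is an added example (not code from PatchSiren, CISA or Mitsubishi Electric) that encodes the fixed versions listed in this debrief and flags installed builds below them; the inventory rows, host names and the rule that Mitsubishi's numeric version fields alone order releases are assumptions made for the example.

```python
import re
from typing import Optional

# Minimum fixed versions as listed in the debrief above (CISA ICSA-24-135-04).
FIXED_VERSIONS = {
    "CPU Module Logging Configuration Tool": "1.160S",
    "CW Configurator": "1.020W",
    "Data Transfer": "3.59M",
    "Data Transfer Classic": "1.01B",
    "FR Configurator2": "1.33K",
    "GT SoftGOT1000": "3.315D",
    "GT SoftGOT2000": "1.320J",
    "GX LogViewer": "1.160S",
    "GX Works2": "1.625B",
    "GX Works3": "1.110Q",
    "MR Configurator2": "1.155M",
}
# Products the debrief says have no direct update: every installed version needs vendor contact.
NO_FIX_AVAILABLE = {"CSGL", "EZSocket", "FR Configurator SW3", "GX Developer",
                    "MI Configurator", "MR Configurator", "MX OPC Server DA", "MX OPC Server UA"}

_VER = re.compile(r"^(\d+)\.(\d+)([A-Z])?$")

def parse_version(v: str) -> tuple:
    """Parse a Mitsubishi-style version such as '1.160S' into (major, minor).
    Assumption: the numeric fields order releases; the trailing letter is only a
    release suffix and is not compared."""
    m = _VER.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, _letter = m.groups()
    return (int(major), int(minor))

def is_affected(product: str, installed: str) -> Optional[bool]:
    """True if below the fixed version (or no fix exists), False if fixed, None if not a listed product."""
    if product in NO_FIX_AVAILABLE:
        return True
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    return parse_version(installed) < parse_version(fixed)

def triage(inventory):
    """inventory: iterable of (host, product, version); returns rows that need action."""
    return [(host, product, version, FIXED_VERSIONS.get(product, "no fix; contact vendor"))
            for host, product, version in inventory if is_affected(product, version)]

# Constructed sample inventory (hypothetical hosts), e.g. exported from installed-software lists.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "GX Works3", "1.106L"),       # below 1.110Q: needs update
    ("eng-ws-01", "GX Works2", "1.625B"),       # at fixed version
    ("eng-ws-02", "GT SoftGOT2000", "1.300N"),  # below 1.320J: needs update
    ("eng-ws-02", "GX Developer", "8.503Z"),    # no fix available: contact vendor
    ("eng-ws-03", "Notepad++", "8.6"),          # not a listed product: ignored
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("needs action:", row)
```

Extend FIXED_VERSIONS with the remaining products from the advisory before relying on it for a full estate check.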
Evidence notes
Source: CISA CSAF advisory ICSA-24-135-04 (Update E, 2026-01-15). CVSS 3.1 vector: AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H. Affected product count: 37. Not listed in CISA KEV.
Official resources
- CVE-2024-22106 CVE record (CVE.org)
- CVE-2024-22106 NVD detail (NVD)
2024-05-14