PatchSiren cyber security CVE debrief
CVE-2024-3904 Mitsubishi Electric CVE debrief
A local code execution vulnerability in Mitsubishi Electric MI5122-VW industrial PC firmware allows authenticated attackers with local access to achieve arbitrary code execution by placing malicious files in a specific directory. The vulnerability affects firmware versions 05 through 07 and carries a CVSS 3.1 score of 8.8 (High severity). Successful exploitation enables full compromise of confidentiality, integrity, and availability of the industrial control system, with potential for information disclosure, data destruction, or denial-of-service conditions. The attack requires low attack complexity and local access, but no user interaction, with scope change indicating impact beyond the vulnerable component.
- Vendor
- Mitsubishi Electric
- Product
- MI5122-VW Firmware
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-07-09
- Advisory updated
- 2024-07-09
Who should care
Industrial control system operators, OT security teams, manufacturing security engineers, and organizations using Mitsubishi Electric MELIPC MI5122-VW industrial PCs in production environments. Critical for sectors including manufacturing, energy, and critical infrastructure where these devices manage physical processes.
Technical summary
The vulnerability exists in the MI5122-VW firmware's handling of files in a specific system folder. An attacker with local access and low privileges can save a maliciously crafted file to this location, triggering arbitrary code execution within the firmware context. The scope change (S:C) in the CVSS vector indicates that exploitation can affect resources beyond the vulnerable component's security scope, potentially impacting connected industrial processes. The attack chain requires: (1) local access to the device, (2) ability to write files to a specific folder, (3) no user interaction to trigger execution. Impact includes complete compromise of the industrial PC with potential downstream effects on controlled industrial processes.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade MI5122-VW firmware to version 08 or later to remediate the vulnerability
- If immediate patching is not feasible, implement workarounds and mitigations documented in Mitsubishi Electric security advisory 2024-003
- Verify current firmware version using MELIPC MI5000 Series User's Manual (Startup) Appendix 17 procedures
- Restrict physical and logical local access to affected industrial PCs to authorized personnel only
- Monitor for unauthorized file modifications in system directories
- Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
- Contact Mitsubishi Electric support for additional guidance on secure configuration and update procedures
Evidence notes
Vulnerability confirmed in CISA ICS advisory ICSA-24-191-02. CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H indicates local attack vector with scope change and complete impact across CIA triad. Affected product identified as Mitsubishi Electric MI5122-VW Firmware versions 05 through 07 inclusive.
Official resources
-
CVE-2024-3904 CVE record
CVE.org
-
CVE-2024-3904 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-07-09