A malicious code execution vulnerability exists in the FAX agent of the multi-agent notification feature across multiple Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions products. The vulnerability stems from an uncontrolled search path element (CWE-427) that could allow an attacker to execute arbitrary code. The issue affects all versions of MC Works64 and GENESIS32 unconditionally, [truncated]
HIGH | Mitsubishi Electric Iconics Digital Solutions | CVE published 2024-12-03
A malicious code execution vulnerability exists in the FA device communication driver of GENESIS64 and ICONICS Suite due to dead code (CWE-561). The vulnerability affects users who install affected products in an unprotected folder other than the default installation folder. The CVSS 3.1 vector indicates local attack vector with high attack complexity, low privileges required, no user interaction, and hig [truncated]
HIGH | Mitsubishi Electric Iconics Digital Solutions | CVE published 2024-10-22
A vulnerability caused by incorrect default permissions exists in Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric products. This vulnerability may allow unauthorized disclosure of confidential information, data tampering, or denial-of-service conditions.
MEDIUM | Mitsubishi Electric Iconics Digital Solutions | CVE published 2024-07-02
A local arbitrary code execution vulnerability exists in the licensing feature of multiple Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions products. The vulnerability stems from unsafe reflection (CWE-470), where externally-controlled input can be used to select classes or code. A local attacker with low privileges can execute arbitrary code with administrative privileges by tamperin [truncated]
MEDIUM | Mitsubishi Electric Iconics Digital Solutions | CVE published 2024-07-02
An authentication bypass vulnerability exists in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric products. The vulnerability occurs when four specific conditions are simultaneously met: Active Directory is used in security settings, the 'Automatic log in' option is enabled, the IcoAnyGlass IIS Application Pool runs under an Active Directory Domain Acc [truncated]
HIGH | Mitsubishi Electric Iconics Digital Solutions | CVE published 2024-07-02
A local arbitrary code execution vulnerability exists in the Pager agent component of the multi-agent notification feature across multiple Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions products. The vulnerability stems from an uncontrolled search path element (CWE-427), allowing a local attacker to execute arbitrary code by placing a specially crafted DLL in a specific folder. The [truncated]