CVE-2024-8300 Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite

🗓️ 28 Nov 2024 22:18:28Reported by MitsubishiType

Malicious Code Execution Vulnerability in GENESIS64 Dead Code issue in ICONICS GENESIS64 and Mitsubishi Electric GENESIS6

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Mitsubishi Electric FA Connector in the GENESIS64 SCADA system allows a intruder to gain unauthorized access to read, modify, or delete data, execute arbitrary code, or cause a service failure.	3 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-8300	3 Dec 202411:00	–	circl
CNNVD	ICONICS GENESIS64 安全漏洞	28 Nov 202400:00	–	cnnvd
CVE	CVE-2024-8300	28 Nov 202422:18	–	cve
EUVD	EUVD-2024-49597	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8300	28 Nov 202423:15	–	nvd
Positive Technologies	PT-2024-8959	28 Nov 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8300	4 Feb 202522:41	–	redhatcve
The Hacker News	⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More	17 Mar 202511:25	–	thn
Vulnrichment	CVE-2024-8300 Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite	28 Nov 202422:18	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "GENESIS64",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR1"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CRF2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GENESIS64",
    "vendor": "Mitsubishi Electric Iconics Digital Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR1"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CRF2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ICONICS Suite",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR1"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CRF2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ICONICS Suite",
    "vendor": "Mitsubishi Electric Iconics Digital Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "Version 10.97.2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CFR1"
      },
      {
        "status": "affected",
        "version": "Version 10.97.2 CRF2"
      },
      {
        "status": "affected",
        "version": "Version 10.97.3"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
jvn	www.jvn.jp/vu/JVNVU93891820
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf

09 Jan 2026 07:52Current

CVSS 3.17

EPSS0.00049

CWE-561