CVE-2024-7587

Published Oct 22, 2024

Last updated 2 months ago

CVSS high 7.8
Scada
OT

Overview

Description
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
Source
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
NVD status
Modified
Products
genesis64, mc_works64

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE-276

Social media

Hype score
Not currently trending

  1. به تازگی برای ICONICS Suite که یک نوع scada می باشد و در صنایع آب استفاده می شود ، آسیب پذیری با کد شناسایی (CVE-2024-1182) از نوع DLL hijacking و آسیب پذیری با کد شناسایی (CVE-2024-7587) از نوع DOS منتشر شده است. https://t.co/Poz3aKY03t https://t.co/Z1ejReTrF3

    @AmirHossein_sec

    15 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. به تازگی برای ICONICS Suite که یک نوع scadaمی باشدو درصنایع آب استفاده می شودآسیب پذیری با کد شناسایی (CVE-2024-1182)از نوع DLL hijacking و آسیب پذیری باکد شناسایی (CVE-2024-7587) از نوع DOS منتشر شده است. هکر ها بااستفاده ازاین دو آسیب پذیری می توانند کدهای مخرب را اجرا نمایند.

    @cybernetic_cy

    15 Mar 2025

    148 Impressions

    11 Retweets

    12 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  3. Warning: High Incorrect Default Permissions vulnerability in ICONICS Suite GENESIS64 and Mitsubishi Electric MC Works64. #CVE-2024-7587 CVSS: 7.8. This can lead to Information Disclosure/Tampering and DoS! #Patch #Patch #Patch https://t.co/OsdqQob9LE

    @CCBalert

    6 Nov 2024

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.CVE-2026-22553
  2. InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.CVE-2026-21410
  3. The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.CVE-2026-1670
  4. A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.CVE-2026-2630
  5. An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configurationCVE-2025-70828

References

Sources include official advisories and independent security research.