CVE-2024-1574 in ICONICSinfo

Summary

by MITRE • 07/04/2024

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/08/2026

The vulnerability identified as CVE-2024-1574 represents a critical unsafe reflection flaw within multiple Mitsubishi Electric industrial software products including GENESIS64, ICONICS Suite, Hyper Historian, AnalytiX, MobileHMI, MC Works64, and various legacy versions of GENESIS32 and BizViz. This issue falls under the CWE-94 category of "Improper Control of Generation of Code ('Code Injection')" and specifically manifests as an unsafe reflection vulnerability that allows attackers to manipulate class or code selection through externally controlled input. The flaw exists in the licensing feature implementation across these industrial control systems, creating a pathway for malicious code execution with elevated privileges.

The technical implementation of this vulnerability stems from the software's reliance on reflection mechanisms to dynamically load classes or execute code based on input parameters. When the licensing system processes external input without proper validation or sanitization, it inadvertently allows attackers to supply malicious class names or code references that get executed within the application context. This unsafe reflection pattern enables an attacker to bypass normal execution boundaries and inject arbitrary code into the system. The vulnerability is particularly dangerous because it requires minimal privileges for exploitation and can elevate an attacker's access level to administrative privileges, which is a direct violation of the principle of least privilege in cybersecurity.

The operational impact of CVE-2024-1574 extends beyond simple code execution to encompass potential system compromise and operational disruption within industrial environments. Attackers leveraging this vulnerability can gain complete control over affected systems, potentially leading to unauthorized data access, modification of critical operational parameters, or even complete system takeover. The attack vector is particularly concerning because it targets a local attacker with access to specific files, suggesting that physical access or network compromise of a system could lead to privilege escalation. This vulnerability directly maps to ATT&CK technique T1059.007 for "Command and Scripting Interpreter: Python" and T1068 for "Exploitation for Privilege Escalation," making it a significant threat in industrial control system environments where operational technology security is paramount.

Mitigation strategies for CVE-2024-1574 should prioritize immediate software updates from Mitsubishi Electric to address the unsafe reflection implementation in the licensing components. Organizations must implement strict input validation and sanitization measures to prevent external input from influencing class or code selection processes. System administrators should also consider implementing network segmentation to limit access to affected systems and establish monitoring protocols for unusual file modifications that might indicate exploitation attempts. The vulnerability's presence in multiple product lines suggests that comprehensive patch management across all affected Mitsubishi Electric industrial software installations is essential. Additionally, organizations should conduct thorough security assessments of their industrial control systems to identify other potential reflection-based vulnerabilities and implement proper access controls to limit local system access to authorized personnel only.

Disclosure

07/04/2024

Moderation

accepted

CPE

ready

EPSS

0.00192

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!