CVE-2024-7587— Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-7587
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
Source: NVD (National Vulnerability Database)
Vulnerability Description
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mitsubishi Electric MC Works64和Mitsubishi Electric GENESIS64 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mitsubishi Electric MC Works64和Mitsubishi Electric GENESIS64都是日本三菱电机(Mitsubishi Electric)公司的产品。Mitsubishi Electric MC Works64是一套数据采集与监控系统(SCADA)。Mitsubishi Electric GENESIS64是一个 SCADA 套件。 Mitsubishi Electric MC Works64和Mitsubishi Electric GENESIS64存在安全漏洞,
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 | Versions 10.97.3 and prior | - | |
| Mitsubishi Electric Corporation | MC Works64 | All versions | - | |
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | Versions 10.97.3 and prior | - | |
| Mitsubishi Electric Corporation | ICONICS Suite | Versions 10.97.3 and prior | - | |
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | Versions 10.97.3 and prior | - | |
| Mitsubishi Electric Corporation | GENESIS32 | Versions 9.70.300.23 and prior | - | |
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 | Versions 9.70.300.23 and prior | - |
II. Public POCs for CVE-2024-7587
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-7587
请登录查看更多情报信息。
- ICONICS and Mitsubishi Electric Products | CISAgovernment-resource
- JVNVU#95548104: 三菱電機製GENESIS64およびMC Works64におけるインストール時の不適切なファイルアクセス権設定の脆弱性government-resource
- https://nvd.nist.gov/vuln/detail/CVE-2024-7587
IV. Related Vulnerabilities
Same product: GENESIS64
- CVE-2025-14816
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-14815
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-11774
Malicious Code Execution Vulnerability in the Software Keybo - CVE-2025-7376
Information Tampering Vulnerability in Multiple Processes of - CVE-2025-0921
Information Tampering Vulnerability in Multiple Services of
Same vendor: Mitsubishi Electric Corporation
- CVE-2025-14816
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-14815
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-2399
Denial of Service (DoS) Vulnerability in Mitsubishi Electric - CVE-2026-1876
Denial-of-Service (DoS) vulnerability in Ethernet function o - CVE-2026-1875
Denial-of-Service (DoS) vulnerability in Ethernet function o
Same weakness: CWE-276
- CVE-2026-0539
Local Privilege Escalation in pcvisit service client - CVE-2026-6823
HKUDS OpenHarness Insecure Default Remote Channel Allowlist - CVE-2026-6819
HKUDS OpenHarness Plugin Management Command Exposure - CVE-2026-39454
SKYSEA Client View 安全漏洞 - CVE-2026-30811
Missing Authorization in Configuration Ajax Endpoint leads t
V. Comments for CVE-2024-7587
No comments yet