Mitsubishi Electric GENESIS64/MC Works64 Improper File Access Permissions Vulnerability (CVE-2024-7587)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Title: Inadequate File Access Permission Settings During Installation in Mitsubishi Electric GENESIS64 and MC Works64 - Summary: A vulnerability exists in all versions of GENESIS64 prior to and including Version 10.97.3, as well as in all versions of MC Works64, related to improper file access permission settings during installation. 2. Affected Systems: - All versions of GENESIS64 up to and including Version 10.97.3 - All versions of MC Works64 3. Detailed Information: - Vulnerability IDs: CWE-276, CVE-2024-7587 - This vulnerability allows attackers to access and modify sensitive information or data stored in the directory , potentially leading to a Denial of Service (DoS) condition. 4. Mitigation Measures: - Update: - For users of GENESIS64 Version 10.97.3: Apply the GENESIS64 Security Patch and reinstall GenBroker32. - For users of GENESIS64 Version 10.97.2 and earlier (including MC Works64 users): Upgrade GENESIS64 to Version 10.97.3 and reinstall GenBroker32. - Workaround: In cases where applying the security patch or upgrading is difficult, manually remove the "Everyone" permission from all files in the directory and its subdirectories. - Mitigation Measures: - Place affected PCs within a LAN environment and restrict remote logins from untrusted networks and hosts. - When connecting affected PCs to the internet, use firewalls or Virtual Private Networks (VPNs) to allow remote logins only for trusted users. - For PCs connected to the same network, restrict physical access. 5. Reference Information: - ICS Advisory - Supplementary information from JPCERT/CC - Vulnerability analysis results from JPCERT/CC 6. Update History: - 2024/10/23: Added a link to the ICS Advisory in the reference information section. This information provides a detailed description of the vulnerability, affected systems, mitigation measures, and references, helping users understand and respond to this security risk.

Goal Reached Thanks to every supporter — we hit 100%!

Mitsubishi Electric GENESIS64/MC Works64 Improper File Access Permissions Vulnerability (CVE-2024-7587)