CVE-2022-33318

9.8 CRITICAL

📋 TL;DR

This CVE describes a critical deserialization vulnerability in multiple Mitsubishi Electric industrial control software products. Remote unauthenticated attackers can execute arbitrary malicious code by sending specially crafted packets to vulnerable servers. Affected organizations include those using GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 software for industrial automation and monitoring.

💻 Affected Systems

Products:
  • Mitsubishi Electric GENESIS64
  • Mitsubishi Electric Iconics Digital Solutions GENESIS64
  • Mitsubishi Electric ICONICS Suite
  • Mitsubishi Electric Iconics Digital Solutions ICONICS Suite
  • Mitsubishi Electric GENESIS32
  • Mitsubishi Electric Iconics Digital Solutions GENESIS32
  • Mitsubishi Electric MC Works64
Versions:
  • GENESIS64: 10.97 to 10.97.1
  • ICONICS Suite: 10.97 to 10.97.1
  • GENESIS32: 9.7 and prior
  • MC Works64: 4.04E and prior
Operating Systems: Windows (typically used for industrial control systems)
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configurations are vulnerable. These are industrial control system (ICS) software products used in critical infrastructure.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code, potentially leading to industrial process disruption, data theft, or ransomware deployment across critical infrastructure.

🟠 Likely Case

Remote code execution enabling attackers to install malware, pivot to other systems, or disrupt industrial operations.

🟢 If Mitigated

Limited impact if systems are isolated behind firewalls with strict network segmentation and proper access controls.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, the unauthenticated nature makes lateral movement and exploitation easy once network access is gained.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specially crafted packets but is unauthenticated and remote, making exploitation relatively straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GENESIS64/ICONICS Suite: 10.97.2 or later, GENESIS32: Contact vendor, MC Works64: Contact vendor

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf

Restart Required: Yes

Instructions:

1. Download patches from Mitsubishi Electric support portal.
2. Apply patches according to vendor instructions.
3. Restart affected systems.
4. For GENESIS32 and MC Works64, contact vendor for specific update guidance.

🔧 Temporary Workarounds

Network Segmentation

Isolate affected systems from untrusted networks using firewalls.

Restrict Network Access

Configure firewall rules to only allow necessary connections to vulnerable ports.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check software version against affected versions list. Review system logs for unusual network activity on relevant ports.

Check Version:

Check version through software interface or consult vendor documentation for version checking procedure.

Verify Fix Applied:

Verify software version is updated to patched version. Test system functionality after patch application.

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections to vulnerable ports
  • Unexpected process execution
  • System crashes or instability

Network Indicators:

  • Suspicious packets to GENESIS/ICONICS service ports
  • Unusual outbound connections from affected systems

SIEM Query:

source_ip IN (external_ips) AND dest_port IN (vulnerable_ports) AND protocol=tcp
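
The query above, worked through as an added Python example over firewall logs (not code from the vendor advisory or from this page's source). The log format, the sample lines, the internal network ranges and the port numbers are all constructed placeholders; the page does not list the actual service ports, so substitute the ports your GENESIS64/ICONICS services listen on.

```python
import ipaddress

# PLACEHOLDERS (not from the advisory): replace with your own site values.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
VULNERABLE_PORTS = {50000, 50001}  # constructed; use the ports your services listen on

# Constructed firewall log lines: "timestamp src_ip dst_ip dst_port protocol action"
SAMPLE_LOG = """\
2022-07-20T08:01:12Z 10.1.4.20 10.1.9.5 50000 tcp allow
2022-07-20T08:03:47Z 203.0.113.77 10.1.9.5 50000 tcp allow
2022-07-20T08:03:49Z 203.0.113.77 10.1.9.5 50001 tcp deny
2022-07-20T08:05:02Z 198.51.100.9 10.1.9.5 443 tcp allow
2022-07-20T08:06:30Z 203.0.113.77 10.1.9.5 50000 udp allow
not a log line
"""

def is_external(ip_text):
    """True when the address is outside every network listed as internal."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)

def find_hits(log_text):
    """Return (hits, skipped): matching records and unparseable lines."""
    hits, skipped = [], []
    for line in log_text.splitlines():
        fields = line.split()
        try:
            ts, src, dst, port, proto, action = fields
            match = (is_external(src) and int(port) in VULNERABLE_PORTS
                     and proto.lower() == "tcp")
        except ValueError:
            skipped.append(line)  # wrong field count, bad IP or bad port
            continue
        if match:
            hits.append({"time": ts, "src": src, "dst": dst,
                         "port": int(port), "action": action})
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = find_hits(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(f"{len(skipped)} line(s) skipped")
```

Hits with an allow action reached the service and deserve review first; skipped lines are returned rather than dropped so a format change in the log source does not silently hide traffic.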
