CVE-2022-33320 – This CVE describes a deserialization vulnerabil... (How to Fix)

Q: What is the severity of CVE-2022-33320?

CVE-2022-33320 has a CVSS score of 7.8 (HIGH). This CVE describes a deserialization vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MC Works64 software. An unauthenticated attacker can execute arbitrary code by tricking a user into loading a malicious project configuration file. Affected organizations include industrial control system operators using these specific versions.

📋 TL;DR

This CVE describes a deserialization vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MC Works64 software. An unauthenticated attacker can execute arbitrary code by tricking a user into loading a malicious project configuration file. Affected organizations include industrial control system operators using these specific versions.

💻 Affected Systems

Products:

Mitsubishi Electric GENESIS64
Mitsubishi Electric Iconics Digital Solutions GENESIS64
Mitsubishi Electric ICONICS Suite
Mitsubishi Electric Iconics Digital Solutions ICONICS Suite
Mitsubishi Electric MC Works64

Versions: GENESIS64 versions 10.97 to 10.97.1, ICONICS Suite versions 10.97 to 10.97.1, MC Works64 versions 4.04E and prior

Operating Systems: Windows (typically used for industrial control systems)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configuration; exploitation requires user to load malicious project file.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary code with system privileges, potentially leading to operational disruption, data theft, or lateral movement within industrial networks.

🟠

Likely Case

Remote code execution on affected systems, enabling attackers to install malware, steal credentials, or disrupt industrial processes.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege, and file validation controls are implemented.

🌐 Internet-Facing: MEDIUM - While exploitation requires user interaction, internet-facing systems increase attack surface and potential for phishing/social engineering.

🏢 Internal Only: HIGH - Industrial control systems often have critical functions; internal compromise can lead to operational disruption even without internet exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Requires user interaction but no authentication needed for exploitation.

Exploitation requires social engineering to get user to load malicious file; no public exploit code available at time of advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GENESIS64/ICONICS Suite: version 10.97.2 or later; MC Works64: version 4.04F or later

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf

Restart Required: Yes

Instructions:

1. Download updated versions from Mitsubishi Electric support portal. 2. Backup current configuration and data. 3. Install the updated software. 4. Restart affected systems. 5. Verify functionality.

🔧 Temporary Workarounds

Restrict project file loading

all

Implement policies to only load project files from trusted sources and validate file integrity before loading.

Network segmentation

all

Isolate affected systems from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

Implement strict user training about loading only trusted project files
Deploy application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check software version in application about dialog or installation directory; compare against affected versions list.

Check Version:

Check Help > About in application interface or examine installed programs in Windows Control Panel.

Verify Fix Applied:

Verify installed version is 10.97.2 or later for GENESIS64/ICONICS Suite, or 4.04F or later for MC Works64.

📡 Detection & Monitoring

Log Indicators:

Unexpected process creation from GENESIS64/ICONICS/MC Works64 processes
Loading of project files from unusual locations
XML parsing errors in application logs

Network Indicators:

Unusual outbound connections from affected systems
File transfers to/from industrial control systems

SIEM Query:

Process creation where parent process contains 'GENESIS64' OR 'ICONICS' OR 'MCWorks64' AND (command line contains suspicious patterns OR destination IP is external)

📊 Metadata

CVE ID: CVE-2022-33320

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-502

Published: July 20, 2022

Last Updated: January 9, 2026

🔗 References

https://jvn.jp/vu/JVNVU96480474/index.html Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf Third Party Advisory
https://jvn.jp/vu/JVNVU96480474/index.html Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-33320, you might also want to check these: