CVE-2024-1182
📋 TL;DR
This is a DLL hijacking vulnerability in Mitsubishi Electric's GENESIS and ICONICS industrial control software suites. A local attacker can execute arbitrary code by placing a malicious DLL in a specific folder when the Pager agent is installed. This affects all versions of GENESIS64, GENESIS32, ICONICS Suite, and MC Works64 software.
💻 Affected Systems
- Mitsubishi Electric Iconics Digital Solutions GENESIS64
- Mitsubishi Electric GENESIS64
- Mitsubishi Electric Iconics Digital Solutions ICONICS Suite
- Mitsubishi Electric ICONICS Suite
- Mitsubishi Electric Iconics Digital Solutions GENESIS32
- Mitsubishi Electric GENESIS32
- Mitsubishi Electric MC Works64
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining SYSTEM-level privileges, allowing installation of persistent malware, data theft, or disruption of industrial operations.
Likely Case
Local privilege escalation leading to unauthorized access to industrial control systems, potential data exfiltration, or lateral movement within OT networks.
If Mitigated
Limited impact with proper access controls preventing unauthorized local access to affected systems.
🎯 Exploit Status
Exploitation requires local access to the system and knowledge of the specific folder path where DLLs are loaded from.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not version-specific - requires configuration changes
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf
Restart Required: Yes
Instructions:
1. Uninstall the Pager agent from affected systems.
2. Restart the system.
3. Verify Pager agent is no longer present in installed programs.
🔧 Temporary Workarounds
Remove Pager Agent
Windows: Uninstall the Pager agent component, which is required for exploitation
Control Panel > Programs and Features > Uninstall Pager Agent
Restrict Folder Permissions
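Windows: Apply strict access controls to the folder where malicious DLLs could be placed. Deny only the rights needed to create or overwrite files: denying Full control (F) to Everyone also denies read and execute access, which stops the software from loading its own files. Remove the deny entry before installing updates to this folder.
icacls "C:\Program Files\ICONICS\GENESIS64\Bin" /deny "Everyone:(OI)(CI)(WD,AD)"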
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local access to affected systems.
- Monitor for suspicious DLL files in the application installation directories.
🔍 How to Verify
Check if Vulnerable:
Check if Pager agent is installed: Control Panel > Programs and Features, look for 'Pager' or related ICONICS components.
Check Version:
Not applicable - all versions are affected
Verify Fix Applied:
Verify Pager agent is no longer listed in installed programs and cannot be found in the system.
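An added PowerShell example (not from the vendor advisory or the original page) that supports the checks above: it lists installed products whose name contains 'Pager', DLLs under the folder that lack a valid Authenticode signature, and ACL entries that let non-administrative principals write there. The default path is the one used in the workaround on this page and is an assumption; pass the real installation directory.

```powershell
# Added example (not vendor code). The default path is the folder named on this
# page; it is an assumption, so pass the real installation directory.
param([string]$InstallDir = 'C:\Program Files\ICONICS\GENESIS64\Bin')

# 1. Installed products whose display name contains 'Pager' (both registry views).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$pager = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Pager*' } |
    Select-Object DisplayName, DisplayVersion

# 2. DLLs without a valid Authenticode signature. Unsigned vendor files will
#    also appear here, so treat the list as items to review, not as verdicts.
$dlls = Get-ChildItem -LiteralPath $InstallDir -Filter '*.dll' -File -Recurse -ErrorAction SilentlyContinue
$unsigned = foreach ($dll in $dlls) {
    $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ Path = $dll.FullName; Signature = $sig.Status; Modified = $dll.LastWriteTime }
    }
}

# 3. Allow entries that let a principal other than Administrators, SYSTEM,
#    TrustedInstaller or CREATOR OWNER create or modify files in the folder.
$trusted = 'S-1-5-32-544', 'S-1-5-18', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$writeMask = 0x50000006   # WriteData | AppendData | GENERIC_WRITE | GENERIC_ALL
$sidType = [System.Security.Principal.SecurityIdentifier]
$writable = @()
if (Test-Path -LiteralPath $InstallDir) {
    $writable = (Get-Acl -LiteralPath $InstallDir).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        } |
        Select-Object @{ n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights, IsInherited
}

# One result object: empty lists mean nothing was found for that check.
[pscustomobject]@{
    PagerAgentEntries = @($pager)
    DllsToReview      = @($unsigned)
    NonAdminWriteAces = @($writable)
}
```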
📡 Detection & Monitoring
Log Indicators:
- Unexpected DLL loads from application directories
- Failed attempts to access restricted folders
- Pager agent installation/removal events
Network Indicators:
- Unusual outbound connections from industrial control systems
SIEM Query:
EventID=4688 AND (ProcessName LIKE '%GENESIS%' OR ProcessName LIKE '%ICONICS%') AND CommandLine LIKE '%.dll%'
🔗 References
- https://jvn.jp/vu/JVNVU98894016/
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf