Versions
ICONICS GENESIS64 versions 10.97.1 and prior
ICONICS GENESIS64 versions 10.95.3 to 10.97
ICONICS Hyper Historian versions 10.95.3 to 10.97
Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior
ICONICS Hyper Historian versions 10.97 and prior
ICONICS GENESIS64 versions 10.97 to 10.97.1
ICONICS MobileHMI versions 10.95.3 to 10.97
ICONICS GENESIS64 versions 10.90 to 10.97
Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)
ICONICS GENESIS64 versions 10.97 and prior
ICONICS AnalytiX versions 10.95.3 to 10.97
Recent CVEs
CVE-2022-33319
Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server.
CVE-2022-33318
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server.
CVE-2022-33320
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file including malicious XML codes.
CVE-2022-33315
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.
CVE-2022-33317
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes.
CVE-2022-33316
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.
CVE-2022-23129
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information.