Executive Summary
In a vital alert issued by CISA, a significant vulnerability has been identified in the ICONICS Product Suite and Mitsubishi Electric's MC Works64 software. The vulnerability is classified with a CVSS v3 score of 7.8, indicating that while exploitation isn't overly complex, the potential consequences can be severe. Let's unpack the details of this vulnerability and explore what it means for users of these products.
Key Highlights:
- Severity: High (CVSS v3 7.8)
- Attack Complexity: Low
- Affected Products: ICONICS Suite (includes components like GENESIS64, Hyper Historian, AnalytiX, MobileHMI) version 10.97.3 and prior, and all versions of Mitsubishi Electric MC Works64.
- Attack Vector: Incorrect Default Permissions
Risk Evaluation
The implications of exploiting this vulnerability are serious. It could lead to:
- Disclosure of Confidential Information: Unauthorized access may expose sensitive data to malicious actors.
- Data Tampering: Altering the integrity of information can lead to operational failures.
- Denial of Service: This could render essential services unusable, crippling business operations.
Technical Details
Affected Products
The primary products at risk include:
- ICONICS Suite (all components) versions 10.97.3 and earlier.
- Mitsubishi Electric MC Works64 in any version.
Vulnerability Overview
The root cause of the vulnerability lies in Incorrect Default Permissions (CWE-276), which could permit unauthorized access. A specific identifier, CVE-2024-7587, has been assigned to this vulnerability for tracking purposes.
Background Information
This issue predominantly affects sectors within Critical Manufacturing and has a global reach, as the products are utilized worldwide. Notably, ICONICS is based in the United States, while Mitsubishi Electric operates out of Japan.
Research Initiatives
This vulnerability was reported by researchers Asher Davila and Malav Vyas from Palo Alto Networks, highlighting the collaboration between security researchers and vendors to address emerging threats.
Mitigations
To protect against this vulnerability, ICONICS recommends the following steps:
- Upgrade: Transition to version 10.97.3 CFR1 or later of ICONICS products. Current users of older versions should:
  - Avoid installing outdated components: Specifically, refrain from using GenBroker32 that comes packaged with older versions.
  - Permission Verification: For existing installations, check the C:\ProgramData\ICONICS folder permissions:
    - Ensure that "Everyone" does not have access. If it does, follow these steps to rectify it:
      - Right-click the C:\ProgramData\ICONICS folder and select Properties.
      - Go to the Security tab → Advanced → Change Permissions.
      - Select "Everyone" and remove this access.
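The permission check above can also be run as a read-only audit from PowerShell. The script below is an added example, not code from CISA, ICONICS or Mitsubishi Electric; it goes slightly beyond the GUI steps by also walking subfolders, and it matches "Everyone" by its well-known SID (S-1-1-0) so that it works on non-English Windows installations.

```powershell
# Added example: read-only audit for the permission check described above.
# Reports every Allow entry for "Everyone" on the ICONICS data folder and
# its subfolders. It does not change any permissions.
$Root        = 'C:\ProgramData\ICONICS'  # folder named in the advisory
$EveryoneSid = 'S-1-1-0'                 # well-known SID for "Everyone"

function Get-EveryoneAce {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL on ${Path}: $($_.Exception.Message)"
        return
    }
    # Request SIDs instead of account names so the match is locale-independent.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $EveryoneSid -and
            $rule.AccessControlType -eq 'Allow') {
            [pscustomobject]@{
                Path      = $Path
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
    Write-Output "$Root not found; nothing to audit on this host."
    return
}

# The root folder plus every subfolder (hidden ones included).
$folders  = @($Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse `
    -Force -ErrorAction SilentlyContinue | ForEach-Object FullName)
$findings = @($folders | ForEach-Object { Get-EveryoneAce -Path $_ })

if ($findings.Count -eq 0) {
    Write-Output "No 'Everyone' Allow entries under $Root."
} else {
    $findings | Sort-Object Path | Format-Table -AutoSize -Wrap
    # An inherited entry must be removed on the folder it is inherited from.
    Write-Warning "$($findings.Count) 'Everyone' entries found under $Root."
}
```

Run it from an elevated prompt so that ACLs on protected subfolders can be read. Rows with Inherited = False are set directly on the listed folder and are the ones the GUI steps above remove.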
Recommendations from CISA
CISA encourages organizations to conduct thorough impact assessments and consider defensive practices against this vulnerability. Several resources, including best practices for cybersecurity, have been made available to help enhance organizational security measures.
Reporting and Response
Organizations noticing suspicious activities are urged to report their observations to CISA, fostering a cooperative effort to track and correlate incidents effectively.
Update History
On October 22, 2024, this vulnerability was publicly announced, marking a pivotal moment for organizations reliant on these critical manufacturing tools.
In a world where digital security is paramount, this advisory serves as a critical reminder of the importance of maintaining up-to-date security measures and permissions on all technological fronts, especially in environments dealing with sensitive information.
For users reliant on ICONICS and Mitsubishi Electric products, now is the time to act—review your systems and ensure you're safeguarded against potential threats lurking in the shadows. Stay vigilant!
Source: CISA ICONICS and Mitsubishi Electric Products