CVE-2022-33316

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.

Published: Jul 20, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-33316
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
iconics / genesis64	10.97.1	10.97.1.x
iconics / genesis64	10.97	10.97.x
mitsubishielectric / mc_works64	-	10.95.210.01.x

https://jvn.jp/vu/JVNVU96480474/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf

Vulnerability Database

289,784

CVE-2022-33316