CVE-2022-33317

Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes.

Published: Jul 20, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-33317
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-829

Affected Software
References

Software	From	Fixed in
iconics / genesis64	10.97.1	10.97.1.x
iconics / genesis64	10.97	10.97.x
mitsubishielectric / mc_works64	-	10.95.210.01.x

https://jvn.jp/vu/JVNVU96480474/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf

Vulnerability Database

289,784

CVE-2022-33317