CVE-2022-33318
Published: Jul 20, 2022
Modified: Jan 9, 2026
CVSS v3.1
9.8
Description
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
| Vendor | Product | Versions |
|---|---|---|
Mitsubishi Electric | GENESIS64 | affected Versions 10.97 to 10.97.1 |
Mitsubishi Electric Iconics Digital Solutions | GENESIS64 | affected Versions 10.97 to 10.97.1 |
Mitsubishi Electric | ICONICS Suite | affected Versions 10.97 to 10.97.1 |
Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite | affected Versions 10.97 to 10.97.1 |
Mitsubishi Electric | GENESIS32 | affected Versions 9.7 and prior |
Mitsubishi Electric Iconics Digital Solutions | GENESIS32 | affected Versions 9.7 and prior |
Mitsubishi Electric | MC Works64 | affected Versions 4.04E and prior |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now