#VU65753 Inclusion of Functionality from Untrusted Control Sphere in GENESIS64 and GraphWorX64 - CVE-2022-33317

Cybersecurity Help s.r.o.

Published: 2022-07-25 | Updated: 2022-08-24

Vulnerability identifier: #VU65753

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-33317

CWE-ID: CWE-829

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GENESIS64
Server applications / SCADA systems
GraphWorX64
Server applications / SCADA systems

Vendor: ICONICS, Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to inclusion of functionality from untrusted control sphere. A remote attacker can trick the victim to open a specially crafted GDFX file and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

GENESIS64: 10.97 - 10.97.1

GraphWorX64: 10.97.1

External links
https://jvn.jp/vu/JVNVU96480474/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf
https://www.zerodayinitiative.com/advisories/ZDI-22-1162/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mitsubishi Electric MC Works64

Multiple vulnerabilities in ICONICS Product Suite