
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-33317 is a vulnerability affecting ICONICS GENESIS64 versions 10.97.1 and prior, and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior. The vulnerability is classified as an Inclusion of Functionality from Untrusted Control Sphere (CWE-829) that allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file containing malicious script code (NVD, CISA).
The vulnerability exists within GraphWorX64 scripting, which is based on JScript and .NET and stores script code in GraphWorX64 project files. These project files can be directly edited to include malicious code. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector, low attack complexity, no privileges required, and user interaction required for exploitation (ZDI, NVD).
Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the current process. An attacker could potentially achieve remote code execution if a user is convinced to load a malicious monitoring screen file (ZDI, CISA).
ICONICS and Mitsubishi Electric have released security updates to address this vulnerability. Users are advised to update to version 10.97.2 or later. Additional mitigation steps include using firewalls, isolating control system networks from business networks, restricting access to TCP ports, and using secure remote access methods such as VPNs. Users should also avoid clicking web links or opening unsolicited attachments in email messages (CISA).
Source: This report was generated using AI