CVE-2024-8300
CVE-2024-8300 is a high-severity vulnerability with a CVSS 3.x base score of 7.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-561.
Key facts
- Severity: High (CVSS 3.x base score 7.0)
- EPSS exploit prediction: 0% (10th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-49597
- Weakness: CWE-561
- Published:
- Last modified:
Description
Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
Frequently asked questions
- What is CVE-2024-8300?
- Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
- How severe is CVE-2024-8300?
- CVE-2024-8300 has a CVSS 3.x base score of 7.0, rated high severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2024-8300 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (10th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2024-8300?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2024-8300 have an EU (EUVD) identifier?
- Yes. CVE-2024-8300 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-49597.
- When was CVE-2024-8300 published?
- CVE-2024-8300 was published on 2024-11-28 and last updated on 2026-06-17.
References
- https://jvn.jp/vu/JVNVU93891820
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf
Other CWE-561 vulnerabilities
- CVE-2025-34205 — Critical (CVSS 9.8): Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to…
- CVE-2024-32634 — Medium (CVSS 6.1): In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
- CVE-2022-33685 — Medium (CVSS 4.0): Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch…
- CVE-2022-30748 — Medium (CVSS 4.0): Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
- CVE-2022-33726 — Low (CVSS 3.3): Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch…
- CVE-2021-25398 — Low (CVSS 3.3): Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.