Mitsubishi Electric MILCO.S Lighting Control Application DLL Hijacking Vulnerability Allowing Malicious Code Execution

A vulnerability allowing malicious code execution through DLL hijacking has been identified in all versions of the Mitsubishi Electric MILCO.S Setting and Operation Application, as well as the MILCO.S Easy Setting and Easy Switch Applications, all versions. This vulnerability arises from an uncontrolled search path element, which allows a local attacker to execute malicious code by having the installer load a harmful DLL. The issue only occurs when the installer is run, not after the application has been installed. However, if the application is downloaded directly from the official Mitsubishi Electric website, there is no risk of introducing malicious code.

Impact

Exploitation of this vulnerability could lead to the execution of malicious code on the affected system.

Remediation

Users are advised to download and install the fixed version of the application from the Mitsubishi Electric website. For those unable to update immediately, it is recommended to restrict physical access to the computer, install antivirus software, avoid opening untrusted files or links, and ensure no DLL files are present in the installation folder before running the installer.