Mitsubishi Electric Iconics Products Windows Shortcut Following Vulnerability Allowing Unauthorized File Writes

A Windows Shortcut Following vulnerability has been identified in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64, GENESIS version 11.00, and MC Works64. This vulnerability allows a local authenticated attacker to create a symbolic link from a file used by the affected processes as a write destination to a target file. Exploiting this vulnerability could lead to unauthorized writes to arbitrary files, potentially destroying critical files on the user's PC and causing a denial-of-service condition if the destroyed file is essential for the PC's operation.

Impact

Exploitation of this vulnerability could result in unauthorized writes to files, allowing for information tampering. This could lead to the destruction of important files on a PC with the affected products installed, causing a denial-of-service condition if the destroyed file is necessary for the PC's operation.

Remediation

Users of GENESIS should download and apply the latest version. For GENESIS64, a fixed version is currently in development and will be released soon. MC Works64 users should be aware that no fixed version is planned.