CVE-2022-33318

Published: 20/07/2022 Updated: 27/07/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated malicious user to execute arbitrary malicious code by sending specially crafted packets to the GENESIS64 server.

Vulnerable Product

iconics genesis64 10.97.1

iconics genesis64 10.97

mitsubishielectric mc works64

Github Repositories

Paracosme is a zero-click remote memory corruption exploit that compromises ICONICS Genesis64 which was demonstrated successfully on stage during the Pwn2Own Miami 2022 competition.

Paracosme - CVE-2022-33318 - Remote Code Execution in ICONICS Genesis64

Paracosme is a memory corruption exploit I wrote to target the Genesis64 suite v10.97.1 made by ICONICS to achieve remote code execution. The exploit was demonstrated during the Pwn2Own 2022 Miami contest that took place at the S4x22 Conference. You can read about it in Competing in Pwn2Own ICS 2022 Miam