CVE-2020-12007
published 2020-07-16CVE-2020-12007: A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.94%
89.1th percentile
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iconics | genbroker32 | — | — |
| mitsubishi_electric | mc_works32 | — | — |
| mitsubishi_electric | mc_works64 | — | — |
| mitsubishi_electric | mc_works64 | — | — |
| mitsubishielectric | mc_works | <= 10.95.208.31 | — |
| mitsubishielectric | mc_works32 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target the GENESIS64 FrameWorX Server and MC Works64 FrameWorX Server components — a specially crafted communication packet triggers deserialization of untrusted data (CWE-502) enabling RCE and DoS ↗
- →Monitor for specially crafted inbound network packets targeting MC Works64 FrameWorX Server; the attack vector is network (AV:N), no authentication required (PR:N), no user interaction (UI:N), low attack complexity (AC:L) ↗
- →Alert on unexpected process crashes or denial-of-service conditions on FrameWorX Server processes in ICONICS GENESIS64 (v10.96 and prior) and Mitsubishi Electric MC Works64 (v4.02C / 10.95.208.31 and earlier) ↗
- ·No known public exploits exist for this vulnerability at time of advisory publication; exploitation requires a high skill level ↗
- ·Affected versions span multiple product lines: GENESIS64 (GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior) and GENESIS32 (GenBroker32 v9.5 and prior), as well as MC Works64 v4.02C (10.95.208.31) and earlier and MC Works32 v3.00A (9.50.255.02) — ensure detection scope covers all variants ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Mitsubishi Electric MC Works64, MC Works32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] Mitsubishi Electric MC Works64, MC Works32
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Mitsubishi Electric MC Works64, MC Works32
Last RevisedJune 18, 2020
Alert CodeICSA-20-170-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: Mitsubishi Electric
- Equipment: MC Works64, MC Works32
- Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following produc
CISA ICS
ICONICS GENESIS64, GENESIS32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] ICONICS GENESIS64, GENESIS32
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ICONICS GENESIS64, GENESIS32
Last RevisedJune 18, 2020
Alert CodeICSA-20-170-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: ICONICS
- Equipment: GENESIS64, GENESIS32
- Vulnerabilities: Out-of-Bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server; v10.96 and prior a
GHSA
GHSA-c683-386m-9r6m: A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a des
ghsa_unreviewed·2022-05-24
CVE-2020-12007 [HIGH] GHSA-c683-386m-9r6m: A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a des
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-16
Published