CVE-2020-12009
Published: 2020-07-16
Priority: P3 · 43 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.60% (88.0th percentile)
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iconics | genbroker32 | — | — |
| mitsubishi_electric | mc_works32 | — | — |
| mitsubishi_electric | mc_works64 | — | — |
| mitsubishi_electric | mc_works64 | — | — |
| mitsubishielectric | mc_works | <= 10.95.208.31 | — |
| mitsubishielectric | mc_works32 | — | — |
CVSS provenance
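| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |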
CISA ICS
Mitsubishi Electric MC Works64, MC Works32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] Mitsubishi Electric MC Works64, MC Works32
ICS Advisory
## Mitsubishi Electric MC Works64, MC Works32
Last Revised: June 18, 2020
Alert Code: ICSA-20-170-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: Mitsubishi Electric
- Equipment: MC Works64, MC Works32
- Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following produc
CISA ICS
ICONICS GENESIS64, GENESIS32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] ICONICS GENESIS64, GENESIS32
ICS Advisory
## ICONICS GENESIS64, GENESIS32
Last Revised: June 18, 2020
Alert Code: ICSA-20-170-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: ICONICS
- Equipment: GENESIS64, GENESIS32
- Vulnerabilities: Out-of-Bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server; v10.96 and prior a
GHSA
GHSA-ww65-5fcm-v6g6: A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability
ghsa_unreviewed·2022-05-24
CVE-2020-12009 [MEDIUM] GHSA-ww65-5fcm-v6g6: A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.