CVE-2020-12011
published 2020-07-16CVE-2020-12011: A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue…
PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
29.19%
97.9th percentile
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitsubishielectric | mc_works | <= 10.95.208.31 | — |
| mitsubishielectric | mc_works32 | — | — |
| mitsubishielectric | mc_works32 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target the GenBroker64 or GenBroker32 communication service — a specially crafted packet to these components triggers the out-of-bounds write (CVE-2020-12011); monitor for anomalous/malformed inbound packets to these broker services. ↗
- →Monitor for anomalous/malformed inbound packets to MC Works64 Broker64 or MC Works32 Broker32 services, which are the specific targeted components for CVE-2020-12011. ↗
- →High skill level is required to exploit; prioritize monitoring for targeted, low-volume, crafted packet activity rather than broad scanning noise. ↗
- ·CVE-2020-12011 is an Out-of-Bounds Write (CWE-787) with CVSS v3 score 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) — the high attack complexity (AC:H) means exploitation is not trivial and requires specific conditions to be met. ↗
- ·Affected versions for ICONICS: GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; GenBroker32 v9.5 and prior. Affected versions for Mitsubishi Electric: MC Works64 v4.02C (10.95.208.31) and earlier; MC Works32 v3.00A (9.50.255.02). ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Mitsubishi Electric MC Works64, MC Works32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] Mitsubishi Electric MC Works64, MC Works32
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Mitsubishi Electric MC Works64, MC Works32
Last RevisedJune 18, 2020
Alert CodeICSA-20-170-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: Mitsubishi Electric
- Equipment: MC Works64, MC Works32
- Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following produc
CISA ICS
ICONICS GENESIS64, GENESIS32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] ICONICS GENESIS64, GENESIS32
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ICONICS GENESIS64, GENESIS32
Last RevisedJune 18, 2020
Alert CodeICSA-20-170-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: ICONICS
- Equipment: GENESIS64, GENESIS32
- Vulnerabilities: Out-of-Bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server; v10.96 and prior a
GHSA
GHSA-p8wr-hxwm-p363: A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution
ghsa_unreviewed·2022-05-24
CVE-2020-12011 [HIGH] GHSA-p8wr-hxwm-p363: A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-16
Published