CVE-2020-12013
Published 2020-07-16
CVE-2020-12013: A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC…
Priority: P261 · critical · 9.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 3.03% (85.8th percentile)
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iconics | genbroker32 | — | — |
| mitsubishi_electric | mc_works32 | — | — |
| mitsubishi_electric | mc_works64 | — | — |
| mitsubishi_electric | mc_works64 | — | — |
| mitsubishielectric | mc_works32 | — | — |
| mitsubishielectric | mc_works64 | <= 10.95.208.31 | — |
Detection & IOCs (extracted from sources)
- CVE-2020-12013 is exploited via a specially crafted WCF (Windows Communication Foundation) client message targeting the GENESIS64 FrameWorX Server / MC Works64 GridWorX server to execute arbitrary SQL commands remotely. Monitor for anomalous WCF traffic carrying SQL payloads directed at these services.
- For the MC Works64 variant: monitor for specially crafted messages from custom client functions targeting the GridWorX server component that contain arbitrary SQL commands, and look for unexpected SQL syntax in WCF/GridWorX traffic.
- The vulnerability is network-exploitable with no authentication required (PR:N, UI:N, AC:L). Any unauthenticated remote connection to the FrameWorX/GridWorX service should be treated as high-risk and monitored for SQL injection patterns.
- Affected products span two vendor lines: ICONICS GENESIS64 (GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior) and GENESIS32 (GenBroker32 v9.5 and prior), as well as Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier and MC Works32 Version 3.00A (9.50.255.02). Detection scope must cover both product families.
- No known public exploits specifically target this vulnerability, and a high skill level is required to exploit it. Prioritize detection over blocking to avoid false positives in ICS environments.
CVSS provenance
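| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |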
GHSA
GHSA-m855-9ph3-r6p4: A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely
ghsa_unreviewed·2022-05-24
CVE-2020-12013 [MEDIUM] CWE-89 GHSA-m855-9ph3-r6p4: A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely
CISA ICS
Mitsubishi Electric MC Works64, MC Works32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] Mitsubishi Electric MC Works64, MC Works32
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: June 18, 2020
Alert Code: ICSA-20-170-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: Mitsubishi Electric
- Equipment: MC Works64, MC Works32
- Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following produc
CISA ICS
ICONICS GENESIS64, GENESIS32
cisa_ics·2020-06-18·CVSS 9.8
[CRITICAL] ICONICS GENESIS64, GENESIS32
ICS Advisory
Last Revised: June 18, 2020
Alert Code: ICSA-20-170-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely
- Vendor: ICONICS
- Equipment: GENESIS64, GENESIS32
- Vulnerabilities: Out-of-Bounds Write, Deserialization of Untrusted Data, Code Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server; v10.96 and prior a
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-07-16