Vulnerabilites related to iconics - facility_analytix
cve-2020-12011
Vulnerability from cvelistv5
Published
2020-07-16 18:53
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MC Works64 |
Version: Version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.125Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Mitsubishi Electric MC Works64", vendor: "n/a", versions: [ { status: "affected", version: "Version 4.02C (10.95.208.31) and earlier", }, { status: "affected", version: "all versions", }, ], }, { product: "MC Works32", vendor: "n/a", versions: [ { status: "affected", version: "Version 3.00A (9.50.255.02)", }, ], }, { product: "ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server", vendor: "n/a", versions: [ { status: "affected", version: "v10.96 and prior", }, ], }, { product: "GenBroker32", vendor: "n/a", versions: [ { status: "affected", version: "v9.5 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "OUT-OF-BOUNDS WRITE CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T18:53:05", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-12011", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Mitsubishi Electric MC Works64", version: { version_data: [ { version_value: "Version 4.02C (10.95.208.31) and earlier", }, { version_value: "all versions", }, ], }, }, { product_name: "MC Works32", version: { version_data: [ { version_value: "Version 3.00A (9.50.255.02)", }, ], }, }, { product_name: "ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server", version: { version_data: [ { version_value: "v10.96 and prior", }, ], }, }, { product_name: "GenBroker32", version: { version_data: [ { version_value: "v9.5 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "OUT-OF-BOUNDS WRITE CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-12011", datePublished: "2020-07-16T18:53:05", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12015
Vulnerability from cvelistv5
Published
2020-07-16 21:30
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-170-03 | x_refsource_CONFIRM | |
| https://www.us-cert.gov/ics/advisories/icsa-20-170-02 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric | MC Works64 |
Version: version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.726Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-02", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MC Works64", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "version 4.02C (10.95.208.31) and earlier", }, { status: "affected", version: "all versions", }, ], }, { product: "MC Works32", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "version 3.00A (9.50.255.02)", }, ], }, { product: "GenBroker64, Platform Services, Workbench, FrameWorX Server", vendor: "ICONICS", versions: [ { status: "affected", version: "version 10.96 and prior", }, ], }, { product: "GenBroker32", vendor: "ICONICS", versions: [ { status: "affected", version: "version 9.5 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "DESERIALIZATION OF UNTRUSTED DATA CWE-502", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T21:30:43", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-02", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-12015", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MC Works64", version: { version_data: [ { version_value: "version 4.02C (10.95.208.31) and earlier", }, { version_value: "all versions", }, ], }, }, { product_name: "MC Works32", version: { version_data: [ { version_value: "version 3.00A (9.50.255.02)", }, ], }, }, ], }, vendor_name: "Mitsubishi Electric", }, { product: { product_data: [ { product_name: "GenBroker64, Platform Services, Workbench, FrameWorX Server", version: { version_data: [ { version_value: "version 10.96 and prior", }, ], }, }, { product_name: "GenBroker32", version: { version_data: [ { version_value: "version 9.5 and prior", }, ], }, }, ], }, vendor_name: "ICONICS", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DESERIALIZATION OF UNTRUSTED DATA CWE-502", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/icsa-20-170-03", refsource: "CONFIRM", url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-03", }, { name: "https://www.us-cert.gov/ics/advisories/icsa-20-170-02", refsource: "CONFIRM", url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-02", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-12015", datePublished: "2020-07-16T21:30:43", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12013
Vulnerability from cvelistv5
Published
2020-07-16 21:14
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric | MC Works64 |
Version: Version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.506Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MC Works64", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "Version 4.02C (10.95.208.31) and earlier", }, { status: "affected", version: "all versions", }, ], }, { product: "MC Works32", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "Version 3.00A (9.50.255.02)", }, ], }, { product: "GenBroker64, Platform Services, Workbench, FrameWorX Server", vendor: "ICONICS", versions: [ { status: "affected", version: "v10.96 and prior", }, ], }, { product: "GenBroker32", vendor: "ICONICS", versions: [ { status: "affected", version: "v9.5 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T21:14:34", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-12013", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MC Works64", version: { version_data: [ { version_value: "Version 4.02C (10.95.208.31) and earlier", }, { version_value: "all versions", }, ], }, }, { product_name: "MC Works32", version: { version_data: [ { version_value: "Version 3.00A (9.50.255.02)", }, ], }, }, ], }, vendor_name: "Mitsubishi Electric", }, { product: { product_data: [ { product_name: "GenBroker64, Platform Services, Workbench, FrameWorX Server", version: { version_data: [ { version_value: "v10.96 and prior", }, ], }, }, { product_name: "GenBroker32", version: { version_data: [ { version_value: "v9.5 and prior", }, ], }, }, ], }, vendor_name: "ICONICS", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-12013", datePublished: "2020-07-16T21:14:34", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.506Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12007
Vulnerability from cvelistv5
Published
2020-07-16 21:49
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric | MC Works64 |
Version: Version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.519Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MC Works64", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "Version 4.02C (10.95.208.31) and earlier", }, { status: "affected", version: "all versions", }, ], }, { product: "MC Works32", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "Version 3.00A (9.50.255.02)", }, ], }, { product: "GenBroker64, Platform Services, Workbench, FrameWorX Server", vendor: "ICONICS", versions: [ { status: "affected", version: "v10.96 and prior", }, ], }, { product: "GenBroker32", vendor: "ICONICS", versions: [ { status: "affected", version: "v9.5 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "DESERIALIZATION OF UNTRUSTED DATA CWE-502", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T21:49:12", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-12007", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MC Works64", version: { version_data: [ { version_value: "Version 4.02C (10.95.208.31) and earlier", }, { version_value: "all versions", }, ], }, }, { product_name: "MC Works32", version: { version_data: [ { version_value: "Version 3.00A (9.50.255.02)", }, ], }, }, ], }, vendor_name: "Mitsubishi Electric", }, { product: { product_data: [ { product_name: "GenBroker64, Platform Services, Workbench, FrameWorX Server", version: { version_data: [ { version_value: "v10.96 and prior", }, ], }, }, { product_name: "GenBroker32", version: { version_data: [ { version_value: "v9.5 and prior", }, ], }, }, ], }, vendor_name: "ICONICS", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DESERIALIZATION OF UNTRUSTED DATA CWE-502", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-12007", datePublished: "2020-07-16T21:49:12", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12009
Vulnerability from cvelistv5
Published
2020-07-16 19:39
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric | MC Works64 |
Version: 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MC Works64", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "4.02C (10.95.208.31) and earlier", }, { status: "affected", version: "all versions", }, ], }, { product: "MC Works32", vendor: "Mitsubishi Electric", versions: [ { status: "affected", version: "Version 3.00A (9.50.255.02)", }, ], }, { product: "GenBroker64, Platform Services, Workbench, FrameWorX Server", vendor: "ICONICS", versions: [ { status: "affected", version: "v10.96 and prior", }, ], }, { product: "GenBroker32", vendor: "ICONICS", versions: [ { status: "affected", version: "v9.5 and prior", }, ], }, ], datePublic: "2020-06-18T00:00:00", descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "DESERIALIZATION OF UNTRUSTED DATA CWE-502", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T19:39:24", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2020-06-18T15:00:00.000Z", ID: "CVE-2020-12009", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MC Works64", version: { version_data: [ { version_value: "4.02C (10.95.208.31) and earlier", }, { version_value: "all versions", }, ], }, }, { product_name: "MC Works32", version: { version_data: [ { version_value: "Version 3.00A (9.50.255.02)", }, ], }, }, ], }, vendor_name: "Mitsubishi Electric", }, { product: { product_data: [ { product_name: "GenBroker64, Platform Services, Workbench, FrameWorX Server", version: { version_data: [ { version_value: "v10.96 and prior", }, ], }, }, { product_name: "GenBroker32", version: { version_data: [ { version_value: "v9.5 and prior", }, ], }, }, ], }, vendor_name: "ICONICS", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DESERIALIZATION OF UNTRUSTED DATA CWE-502", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-12009", datePublished: "2020-07-16T19:39:24.072953Z", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-09-16T23:00:29.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C | ||
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*", matchCriteriaId: "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB", versionEndIncluding: "10.95.208.31", vulnerable: true, }, { criteria: "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*", matchCriteriaId: "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "DD143148-B191-4D8E-9C28-09D4AC5D192C", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "BE3C5226-94D4-4826-9B76-72626081DF46", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*", matchCriteriaId: "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*", matchCriteriaId: "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*", matchCriteriaId: "16745C56-A59A-4C38-92E1-FC5C63220989", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "717A4B7B-2A42-4A9C-961F-1EA5E62FB188", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "5082C435-FCCD-4CF6-891E-73F846A6FB40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*", matchCriteriaId: "CF628CB2-BCA9-4E69-A9CB-846577F98DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*", matchCriteriaId: "771DB32A-CD85-4638-B90E-25D9B4951DE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.", }, { lang: "es", value: "Un paquete de comunicación especialmente diseñado enviado a los dispositivos afectados podría permitir una ejecución de código remota y una condición de denegación de servicio debido a una vulnerabilidad de deserialización. Este problema afecta: Mitsubishi Electric MC Works64 versión 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versión 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versión 10.96 y anteriores; ICONICS GenBroker32 versión 9.5 y anteriores", }, ], id: "CVE-2020-12007", lastModified: "2024-11-21T04:59:06.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T22:15:11.337", references: [ { source: "ics-cert@hq.dhs.gov", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| mitsubishielectric | mc_works64 | * | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*", matchCriteriaId: "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F", vulnerable: true, }, { criteria: "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*", matchCriteriaId: "9DFE4C50-FB00-4449-8A7F-D524109A1F1D", versionEndIncluding: "10.95.208.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "DD143148-B191-4D8E-9C28-09D4AC5D192C", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "BE3C5226-94D4-4826-9B76-72626081DF46", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*", matchCriteriaId: "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*", matchCriteriaId: "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*", matchCriteriaId: "16745C56-A59A-4C38-92E1-FC5C63220989", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "717A4B7B-2A42-4A9C-961F-1EA5E62FB188", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "5082C435-FCCD-4CF6-891E-73F846A6FB40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*", matchCriteriaId: "CF628CB2-BCA9-4E69-A9CB-846577F98DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*", matchCriteriaId: "771DB32A-CD85-4638-B90E-25D9B4951DE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.", }, { lang: "es", value: "Un cliente WCF especialmente diseñado que interactúa con el puede permitir la ejecución de determinados comandos SQL arbitrarios remotamente. Esto afecta: Mitsubishi Electric MC Works64 Versión 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versión 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versión v10.96 y anteriores; ICONICS GenBroker32 versión v9.5 y anteriores", }, ], id: "CVE-2020-12013", lastModified: "2024-11-21T04:59:06.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T22:15:11.417", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 20:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*", matchCriteriaId: "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB", versionEndIncluding: "10.95.208.31", vulnerable: true, }, { criteria: "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*", matchCriteriaId: "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "DD143148-B191-4D8E-9C28-09D4AC5D192C", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "BE3C5226-94D4-4826-9B76-72626081DF46", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*", matchCriteriaId: "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*", matchCriteriaId: "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*", matchCriteriaId: "16745C56-A59A-4C38-92E1-FC5C63220989", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "717A4B7B-2A42-4A9C-961F-1EA5E62FB188", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "5082C435-FCCD-4CF6-891E-73F846A6FB40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*", matchCriteriaId: "CF628CB2-BCA9-4E69-A9CB-846577F98DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*", matchCriteriaId: "771DB32A-CD85-4638-B90E-25D9B4951DE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.", }, { lang: "es", value: "Un paquete de comunicación especialmente diseñado enviado al dispositivo afectado podría causar una condición de denegación de servicio debido a una vulnerabilidad de deserialización. Esto afecta: Mitsubishi Electric MC Works64 versión 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versión 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versión v10.96 y anteriores; ICONICS GenBroker32 versión v9.5 y anteriores", }, ], id: "CVE-2020-12009", lastModified: "2024-11-21T04:59:06.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T20:15:11.057", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 19:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*", matchCriteriaId: "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB", versionEndIncluding: "10.95.208.31", vulnerable: true, }, { criteria: "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*", matchCriteriaId: "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "DD143148-B191-4D8E-9C28-09D4AC5D192C", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "BE3C5226-94D4-4826-9B76-72626081DF46", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*", matchCriteriaId: "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*", matchCriteriaId: "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*", matchCriteriaId: "16745C56-A59A-4C38-92E1-FC5C63220989", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "717A4B7B-2A42-4A9C-961F-1EA5E62FB188", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "5082C435-FCCD-4CF6-891E-73F846A6FB40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*", matchCriteriaId: "CF628CB2-BCA9-4E69-A9CB-846577F98DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*", matchCriteriaId: "771DB32A-CD85-4638-B90E-25D9B4951DE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.", }, { lang: "es", value: "Un paquete de comunicación especialmente diseñado enviado a los sistemas afectados podría causar una condición de denegación de servicio o permitir una ejecución de código remota. Este problema afecta: Mitsubishi Electric MC Works64 versión 4.02C (10.95.208.31) y anteriores, todas las versiones; MC Works32 versión 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versión 10.96 y anteriores; GenBroker32 versión 9.5 y anteriores", }, ], id: "CVE-2020-12011", lastModified: "2024-11-21T04:59:06.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T19:15:11.830", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*", matchCriteriaId: "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB", versionEndIncluding: "10.95.208.31", vulnerable: true, }, { criteria: "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*", matchCriteriaId: "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "DD143148-B191-4D8E-9C28-09D4AC5D192C", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "BE3C5226-94D4-4826-9B76-72626081DF46", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*", matchCriteriaId: "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*", matchCriteriaId: "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*", matchCriteriaId: "16745C56-A59A-4C38-92E1-FC5C63220989", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "717A4B7B-2A42-4A9C-961F-1EA5E62FB188", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*", matchCriteriaId: "5082C435-FCCD-4CF6-891E-73F846A6FB40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*", matchCriteriaId: "CF628CB2-BCA9-4E69-A9CB-846577F98DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*", matchCriteriaId: "771DB32A-CD85-4638-B90E-25D9B4951DE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.", }, { lang: "es", value: "Un paquete de comunicación especialmente diseñado enviado a los sistemas afectados podría causar una condición de denegación de servicio debido a una deserialización inapropiada. Este problema afecta: Mitsubishi Electric MC Works64 versión 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versión 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versión v10.96 y anteriores; ICONICS GenBroker32 versión 9.5 y anteriores", }, ], id: "CVE-2020-12015", lastModified: "2024-11-21T04:59:07.153", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T22:15:11.493", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-02", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-170-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }