← Back

CVE-2020-12007

nvd nist
Published: Jul 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.

Affected (11)

Mitsubishielectric
2 products
Mc Works
Mc Works32
Iconics
9 products
Energy Analytix
Facility Analytix
Genesis64
Hyper Historian
Mobilehmi
Quality Analytix
Smart Energy Analytix
Bizviz
Genesis32
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Mc Works
Up to 10.95.208.31
Mc Works32
Version 9.50.255.02
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Energy Analytix
All versions
Facility Analytix
All versions
Genesis64
All versions
Hyper Historian
All versions
Mobilehmi
All versions
Quality Analytix
All versions
Smart Energy Analytix
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Bizviz
All versions
Genesis32
All versions

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.