CVE-2020-12007

Summary

A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricMC Works64Version 4.02C (10.95.208.31) and earlieraffected
Mitsubishi ElectricMC Works64all versionsaffected
Mitsubishi ElectricMC Works32Version 3.00A (9.50.255.02)affected
ICONICSGenBroker64, Platform Services, Workbench, FrameWorX Serverv10.96 and prioraffected
ICONICSGenBroker32v9.5 and prioraffected

Weaknesses

  • CWE-502: DESERIALIZATION OF UNTRUSTED DATA CWE-502

ADP Enrichment

CVE Program Container

Additional References

References