CVE-2020-12013

Summary

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricMC Works64Version 4.02C (10.95.208.31) and earlieraffected
Mitsubishi ElectricMC Works64all versionsaffected
Mitsubishi ElectricMC Works32Version 3.00A (9.50.255.02)affected
ICONICSGenBroker64, Platform Services, Workbench, FrameWorX Serverv10.96 and prioraffected
ICONICSGenBroker32v9.5 and prioraffected

Weaknesses

  • CWE-94: IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94

ADP Enrichment

CVE Program Container

Additional References

References