CVE-2020-12015

Summary

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricMC Works64version 4.02C (10.95.208.31) and earlieraffected
Mitsubishi ElectricMC Works64all versionsaffected
Mitsubishi ElectricMC Works32version 3.00A (9.50.255.02)affected
ICONICSGenBroker64, Platform Services, Workbench, FrameWorX Serverversion 10.96 and prioraffected
ICONICSGenBroker32version 9.5 and prioraffected

Weaknesses

  • CWE-502: DESERIALIZATION OF UNTRUSTED DATA CWE-502

ADP Enrichment

CVE Program Container

Additional References

References