CVE-2020-12007
First published: Thu Jul 16 2020(Updated: )
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Mc Works | <=10.95.208.31 | |
| Mitsubishielectric Mc Works32 | =9.50.255.02 | |
| Iconics Energy Analytix | ||
| Iconics Facility Analytix | ||
| ICONICS GENESIS64 | ||
| ICONICS Hyper Historian | ||
| ICONICS MobileHMI | ||
| Iconics Quality Analytix | ||
| Iconics Smart Energy Analytix | ||
| ICONICS BizViz | ||
| ICONICS GENESIS32 | ||
| ICONICS GENESIS64 | ||
| ICONICS Hyper Historian | ||
| ICONICS AnalytiX | ||
| ICONICS MobileHMI | ||
| Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions | ||
| Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,
- https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03
- https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C
- https://www.cisa.gov/news-events/ics-advisories/icsa-20-170-02 (Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-20-170-03 (Advisory)
Frequently Asked Questions
What is CVE-2020-12007?
CVE-2020-12007 is a vulnerability that allows remote code execution and denial-of-service in Mitsubishi Electric MC Works64 version 4.02C and earlier, as well as other affected software.
How severe is CVE-2020-12007?
CVE-2020-12007 has a severity rating of 9.8 (critical).
How can CVE-2020-12007 be exploited?
CVE-2020-12007 can be exploited by sending a specially crafted communication packet to the affected devices.
What is the impact of CVE-2020-12007?
The impact of CVE-2020-12007 includes remote code execution and a denial-of-service condition.
How can I fix CVE-2020-12007?
To fix CVE-2020-12007, it is recommended to update to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric mc works
- version/mitsubishielectric mc works/10.95.208.31
- canonical/mitsubishielectric mc works32
- version/mitsubishielectric mc works32/9.50.255.02
- vendor/iconics
- canonical/iconics energy analytix
- canonical/iconics facility analytix
- canonical/iconics genesis64
- canonical/iconics hyper historian
- canonical/iconics mobilehmi
- canonical/iconics quality analytix
- canonical/iconics smart energy analytix
- canonical/iconics bizviz
- canonical/iconics genesis32
- canonical/iconics analytix
- vendor/mitsubishi electric
- canonical/mitsubishi electric mc works64 version 4.02c (10.95.208.31) and earlier, all versions
- canonical/mitsubishi electric mc works32 version 3.00a (9.50.255.02)