CVE-2020-12015
First published: Thu Jul 16 2020(Updated: )
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Mc Works | <=10.95.208.31 | |
| Mitsubishielectric Mc Works32 | =9.50.255.02 | |
| Iconics Energy Analytix | ||
| Iconics Facility Analytix | ||
| ICONICS GENESIS64 | ||
| ICONICS Hyper Historian | ||
| ICONICS MobileHMI | ||
| Iconics Quality Analytix | ||
| Iconics Smart Energy Analytix | ||
| ICONICS BizViz | ||
| ICONICS GENESIS32 | ||
| ICONICS GENESIS64 | ||
| ICONICS Hyper Historian | ||
| ICONICS AnalytiX | ||
| ICONICS MobileHMI | ||
| Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions | ||
| Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12015?
CVE-2020-12015 is a vulnerability in Mitsubishi Electric MC Works64 and MC Works32 that allows for a denial-of-service attack via a specially crafted communication packet.
Which systems are affected by CVE-2020-12015?
The vulnerability affects Mitsubishi Electric MC Works64 version 4.02C and earlier, all versions, as well as Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02).
What is the severity of CVE-2020-12015?
CVE-2020-12015 has a severity score of 7.5, which is considered high.
How can CVE-2020-12015 be exploited?
CVE-2020-12015 can be exploited by sending a specially crafted communication packet to the affected systems.
Are there any references available for CVE-2020-12015?
Yes, you can find more information about CVE-2020-12015 at the following references: [Reference 1](https://www.us-cert.gov/ics/advisories/icsa-20-170-02), [Reference 2](https://www.us-cert.gov/ics/advisories/icsa-20-170-03).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric mc works
- version/mitsubishielectric mc works/10.95.208.31
- canonical/mitsubishielectric mc works32
- version/mitsubishielectric mc works32/9.50.255.02
- vendor/iconics
- canonical/iconics energy analytix
- canonical/iconics facility analytix
- canonical/iconics genesis64
- canonical/iconics hyper historian
- canonical/iconics mobilehmi
- canonical/iconics quality analytix
- canonical/iconics smart energy analytix
- canonical/iconics bizviz
- canonical/iconics genesis32
- canonical/iconics analytix
- vendor/mitsubishi electric
- canonical/mitsubishi electric mc works64 version 4.02c (10.95.208.31) and earlier, all versions
- canonical/mitsubishi electric mc works32 version 3.00a (9.50.255.02)