CVE-2020-12011 - OpenCVE

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Iconics	Hyper Historian Mobilehmi Smart Energy Analytix Energy Analytix Facility Analytix Genesis64 Genesis32 Quality Analytix Bizviz
Mitsubishielectric	Mc Works Mc Works32

Configuration 1 [-]

OR	cpe:2.3:a:mitsubishielectric:mc_works::::::::
	cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:iconics:energy_analytix:-:::::::*
	cpe:2.3:a:iconics:facility_analytix:-:::::::*
	cpe:2.3:a:iconics:genesis64:-:::::::*
	cpe:2.3:a:iconics:hyper_historian:-:::::::*
	cpe:2.3:a:iconics:mobilehmi:-:::::::*
	cpe:2.3:a:iconics:quality_analytix:-:::::::*
	cpe:2.3:a:iconics:smart_energy_analytix:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:iconics:bizviz:-:::::::*
	cpe:2.3:a:iconics:genesis32:-:::::::*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02	Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2020-07-16T18:53:05

Updated: 2020-07-16T18:53:05

Reserved: 2020-04-21T00:00:00

Link: CVE-2020-12011

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-16T19:15:11.830

Modified: 2020-07-29T13:55:13.330

Link: CVE-2020-12011

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "Mitsubishi Electric MC Works64", "vendor": "n/a", "versions": [{"status": "affected", "version": "Version 4.02C (10.95.208.31) and earlier"}, {"status": "affected", "version": "all versions"}]}, {"product": "MC Works32", "vendor": "n/a", "versions": [{"status": "affected", "version": "Version 3.00A (9.50.255.02)"}]}, {"product": "ICONICS\u00a0 GenBroker64, Platform Services, Workbench, FrameWorX Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v10.96 and prior"}]}, {"product": "GenBroker32", "vendor": "n/a", "versions": [{"status": "affected", "version": "v9.5 and prior"}]}], "descriptions": [{"lang": "en", "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "OUT-OF-BOUNDS WRITE CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-16T18:53:05", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mitsubishi Electric MC Works64", "version": {"version_data": [{"version_value": "Version 4.02C (10.95.208.31) and earlier"}, {"version_value": "all versions"}]}}, {"product_name": "MC Works32", "version": {"version_data": [{"version_value": "Version 3.00A (9.50.255.02)"}]}}, {"product_name": "ICONICS\u00a0 GenBroker64, Platform Services, Workbench, FrameWorX Server", "version": {"version_data": [{"version_value": "v10.96 and prior"}]}}, {"product_name": "GenBroker32", "version": {"version_data": [{"version_value": "v9.5 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "OUT-OF-BOUNDS WRITE CWE-787"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12011", "datePublished": "2020-07-16T18:53:05", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2020-07-16T18:53:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB", "versionEndIncluding": "10.95.208.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*", "matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*", "matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*", "matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*", "matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*", "matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*", "matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*", "matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."}, {"lang": "es", "value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los sistemas afectados podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio o permitir una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n 10.96 y anteriores; GenBroker32 versi\u00f3n 9.5 y anteriores"}], "id": "CVE-2020-12011", "lastModified": "2020-07-29T13:55:13.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-16T19:15:11.830", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}