CVE-2020-12009

moderate-risk

Published 2020-07-16

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.

Do I need to act?

0.20% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (11)

Mc Works

Mc Works32

Energy Analytix

Facility Analytix

Genesis64

Hyper Historian

Mobilehmi

Quality Analytix

Smart Energy Analytix

Bizviz

Genesis32

Affected Vendors

Iconics Mitsubishielectric

References (4)

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate