CVE-2020-12015
moderate-risk
Published 2020-07-16
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Do I need to act?
-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (11)
Mc Works
Mc Works32
Energy Analytix
Facility Analytix
Genesis64
Hyper Historian
Mobilehmi
Quality Analytix
Smart Energy Analytix
Bizviz
Genesis32
Affected Vendors
References (4)
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-170-02
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-170-03
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-170-02
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-170-03
43
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate