Mitsubishi Electric MC Works64, MC Works32

🗓️ 18 Jun 2020 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 27 Views

Mitsubishi Electric MC Works64, MC Works32 have multiple vulnerabilities including Out-of-bounds Write, Deserialization of Untrusted Data, and Code Injection allowing for remote code execution, denial-of-service, information disclosure, and information tampering. Update to the latest software version or apply security patches

Reporter	Title	Published	Views	Family All 53
BDU FSTEC	Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for organizing API exchanges. This vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure.	14 Oct 202000:00	–	bdu_fstec
BDU FSTEC	Vulnerability of software packages for supervisory control and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications: Workbench, software platform: Platform Services, application for organization of API exchange: GenBroker64/GenBroker32. This vulnerability is related to deficiencies in the deserialization mechanism, allowing a intruder to trigger a service failure.	14 Oct 202000:00	–	bdu_fstec
BDU FSTEC	Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for managing access rights. This vulnerability allows a malicious actor to trigger a service failure.	14 Oct 202000:00	–	bdu_fstec
BDU FSTEC	Vulnerability of software packages for supervisory control and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for organization of access rights exchange. This vulnerability is related to insufficient control over code generation, allowing attackers to execute arbitrary commands.	14 Oct 202000:00	–	bdu_fstec
BDU FSTEC	Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for managing access rights. This vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure.	14 Oct 202000:00	–	bdu_fstec
CNVD	Mitsubishi Electric MC Works64 Code Issue Vulnerability	19 Jun 202000:00	–	cnvd
CNVD	Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability	19 Jun 202000:00	–	cnvd
CNVD	Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)	19 Jun 202000:00	–	cnvd
CNVD	Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability	19 Jun 202000:00	–	cnvd
CNVD	Mitsubishi Electric MC Works64 and MC Works32 Buffer Overflow Vulnerability	19 Jun 202000:00	–	cnvd

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-170-02.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-20-170-02
us-cert	www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01
us-cert	www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
us-cert	www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B

18 Jun 2020 00:00Current

9.8High risk

Vulners AI Score9.8

CVSS 27.5

CVSS 3.19.8

EPSS0.29194