Lucene search

[email protected]NVD:CVE-2020-12013

HistoryJul 16, 2020 - 10:15 p.m.

CVE-2020-12013

2020-07-1622:15:11

CWE-94

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.005

Percentile

77.2%

JSON

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.

Affected configurations

Nvd

Node

mitsubishielectricmc_works32Match9.50.255.02

mitsubishielectricmc_works64Range≤10.95.208.31

Node

iconicsenergy_analytixMatch-

iconicsfacility_analytixMatch-

iconicsgenesis64Match-

iconicshyper_historianMatch-

iconicsmobilehmiMatch-

iconicsquality_analytixMatch-

iconicssmart_energy_analytixMatch-

Node

iconicsbizvizMatch-

iconicsgenesis32Match-

VendorProductVersionCPE
mitsubishielectricmc_works329.50.255.02cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*
mitsubishielectricmc_works64*cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
iconicsenergy_analytix-cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*
iconicsfacility_analytix-cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*
iconicsgenesis64-cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*
iconicshyper_historian-cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*
iconicsmobilehmi-cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*
iconicsquality_analytix-cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*
iconicssmart_energy_analytix-cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*
iconicsbizviz-cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitsubishielectric	mc_works32	9.50.255.02	cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:::::::*
mitsubishielectric	mc_works64	*	cpe:2.3:a:mitsubishielectric:mc_works64::::::::
iconics	energy_analytix	-	cpe:2.3:a:iconics:energy_analytix:-:::::::*
iconics	facility_analytix	-	cpe:2.3:a:iconics:facility_analytix:-:::::::*
iconics	genesis64	-	cpe:2.3:a:iconics:genesis64:-:::::::*
iconics	hyper_historian	-	cpe:2.3:a:iconics:hyper_historian:-:::::::*
iconics	mobilehmi	-	cpe:2.3:a:iconics:mobilehmi:-:::::::*
iconics	quality_analytix	-	cpe:2.3:a:iconics:quality_analytix:-:::::::*
iconics	smart_energy_analytix	-	cpe:2.3:a:iconics:smart_energy_analytix:-:::::::*
iconics	bizviz	-	cpe:2.3:a:iconics:bizviz:-:::::::*

Rows per page:

1-10 of 111

References

us-cert.cisa.gov/ics/advisories/icsa-20-170-02

us-cert.cisa.gov/ics/advisories/icsa-20-170-03

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.005

Percentile

77.2%

JSON

Related for NVD:CVE-2020-12013

cvelist1 nessus1 cve1 prion1 zdi1 ics2