(Pwn2Own) ICONICS GENESIS64 genbroker64 Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GenBroker64 service. The issue results from the lack of validating the existence o...

ICONICS GENESIS64 GenBroker64 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64 GenBroker64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GenBroker64 service, which listens on TCP port 38080 by defaul...

CVE-2020-12013

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...

Deserialization of untrusted data

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A...

CVE-2020-12007

A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi...

CVE-2020-12007

CVE-2020-12007 describes a deserialization vulnerability in ICONICS Genesis64/Genesis32 GenBroker components (FrameWorX server) that can enable remote code execution or a denial-of-service when processing specially crafted network packets. Affected products include GENESIS64 GenBroker64/FrameWorX...

CVE-2020-12013

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...

CVE-2020-12009

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

CVE-2020-12009

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

Deserialization of untrusted data

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

CVE-2020-12009

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

CVE-2020-12011

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier, all versions; MC Works32 version 3.00A 9.50.255.02; ICONICS...