CVE-2020-12007

CVE-2020-12007 describes a deserialization vulnerability in ICONICS Genesis64/Genesis32 GenBroker components (FrameWorX server) that can enable remote code execution or a denial-of-service when processing specially crafted network packets. Affected products include GENESIS64 GenBroker64/FrameWorX...

CVE-2020-12013

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...

Deserialization of untrusted data

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

CVE-2020-12009

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

CVE-2020-12011

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier, all versions; MC Works32 version 3.00A 9.50.255.02; ICONICS...

Mitsubishi Electric MC Works64, MC Works32

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MC Works64, MC Works32 Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...