CVE-2020-12013 — CRITICAL (9.1)

Q: How severe is CVE-2020-12013?

CVE-2020-12013 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-12013?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Mc Works32, Mitsubishielectric Mc Works64, Iconics Energy Analytix, Iconics Facility Analytix, Iconics Genesis64.

Vulnerability Description

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Mc Works32	9.50.255.02
Mitsubishielectric	Mc Works64	<= 10.95.208.31
Iconics	Energy Analytix	-
Iconics	Facility Analytix	-
Iconics	Genesis64	-
Iconics	Hyper Historian	-
Iconics	Mobilehmi	-
Iconics	Quality Analytix	-
Iconics	Smart Energy Analytix	-
Iconics	Bizviz	-
Iconics	Genesis32	-

Related Weaknesses (CWE)

CWE-94 CWE-89

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-12013?

CVE-2020-12013 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and ...

How severe is CVE-2020-12013?

CVE-2020-12013 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-12013?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Mc Works32, Mitsubishielectric Mc Works64, Iconics Energy Analytix, Iconics Facility Analytix, Iconics Genesis64.