CVE-2020-12013
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-12013
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mitsubishi Electric MC Works32 SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mitsubishi Electric MC Works32是日本三菱电机(Mitsubishi Electric)公司的一套数据采集与监控系统(SCADA)。 Mitsubishi Electric MC Works64 4.02C (10.95.208.31)及之前版本和ICONICS GENESIS64 FrameWorX Server 10.96及之前版本中存在SQL注入漏洞。远程攻击者可借助特制消息利用该漏洞执行任意SQL命令并泄漏、篡改内部数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mitsubishi Electric | MC Works64 | Version 4.02C (10.95.208.31) and earlier | - | |
| Mitsubishi Electric | MC Works32 | Version 3.00A (9.50.255.02) | - | |
| ICONICS | GenBroker64, Platform Services, Workbench, FrameWorX Server | v10.96 and prior | - | |
| ICONICS | GenBroker32 | v9.5 and prior | - |
II. Public POCs for CVE-2020-12013
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-12013
请登录查看更多情报信息。
- https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02x_refsource_CONFIRM
- https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-12013
Same Patch Batch · Mitsubishi Electric · 2020-07-16 · 4 CVEs total
| CVE-2020-12007 | Mitsubishi Electric MC Works64和ICONICS GENESIS64 FrameWorX Server 代码问题漏洞 | |
| CVE-2020-12009 | Mitsubishi Electric MC Works64和ICONICS GENESIS64 Workbench Pack-and-Go 代码问题漏洞 | |
| CVE-2020-12015 | Mitsubishi Electric MC Works64和ICONICS GENESIS64 Platform Services 代码问题漏洞 |
IV. Related Vulnerabilities
Same vendor: Mitsubishi Electric
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2020-12013
No comments yet