CVE-2020-12015
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-12015
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mitsubishi Electric MC Works64和ICONICS GENESIS64 Platform Services 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mitsubishi Electric MC Works64和MC Works32都是日本三菱电机(Mitsubishi Electric)公司的一套数据采集与监控系统(SCADA)。 Mitsubishi Electric MC Works64 4.02C (10.95.208.31)及之前版本和ICONICS GENESIS64 Platform Services 10.96及之前版本中存在代码问题漏洞,该漏洞源于不正确的反序列化。攻击者可借助特制通信包利用该漏洞导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mitsubishi Electric | MC Works64 | version 4.02C (10.95.208.31) and earlier | - | |
| Mitsubishi Electric | MC Works32 | version 3.00A (9.50.255.02) | - | |
| ICONICS | GenBroker64, Platform Services, Workbench, FrameWorX Server | version 10.96 and prior | - | |
| ICONICS | GenBroker32 | version 9.5 and prior | - |
II. Public POCs for CVE-2020-12015
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-12015
请登录查看更多情报信息。
- https://www.us-cert.gov/ics/advisories/icsa-20-170-02x_refsource_CONFIRM
- https://www.us-cert.gov/ics/advisories/icsa-20-170-03x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-12015
Same Patch Batch · Mitsubishi Electric · 2020-07-16 · 4 CVEs total
| CVE-2020-12007 | Mitsubishi Electric MC Works64和ICONICS GENESIS64 FrameWorX Server 代码问题漏洞 | |
| CVE-2020-12009 | Mitsubishi Electric MC Works64和ICONICS GENESIS64 Workbench Pack-and-Go 代码问题漏洞 | |
| CVE-2020-12013 | Mitsubishi Electric MC Works32 SQL注入漏洞 |
IV. Related Vulnerabilities
Same vendor: Mitsubishi Electric
Same weakness: CWE-502
- CVE-2026-44126
Insecure deserialization - CVE-2026-5127
User Frontend: AI Powered Frontend Posting, User Directory, - CVE-2026-41586
ObjectInputStream.readObject() without ObjectInputFilter in - CVE-2026-34084
PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFac - CVE-2026-7712
MindsDB Pickle pickle.loads deserialization
V. Comments for CVE-2020-12015
No comments yet