Vulnerabilites related to iconics - genesis32
CVE-2020-12013 (GCVE-0-2020-12013)
Vulnerability from cvelistv5
Published
2020-07-16 21:14
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION')
Summary
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Mitsubishi Electric | MC Works64 |
Version: Version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MC Works64",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 4.02C (10.95.208.31) and earlier"
},
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "MC Works32",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 3.00A (9.50.255.02)"
}
]
},
{
"product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "v10.96 and prior"
}
]
},
{
"product": "GenBroker32",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "v9.5 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "IMPROPER CONTROL OF GENERATION OF CODE (\u0027CODE INJECTION\u0027) CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T21:14:34",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MC Works64",
"version": {
"version_data": [
{
"version_value": "Version 4.02C (10.95.208.31) and earlier"
},
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "MC Works32",
"version": {
"version_data": [
{
"version_value": "Version 3.00A (9.50.255.02)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
},
{
"product": {
"product_data": [
{
"product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"version": {
"version_data": [
{
"version_value": "v10.96 and prior"
}
]
}
},
{
"product_name": "GenBroker32",
"version": {
"version_data": [
{
"version_value": "v9.5 and prior"
}
]
}
}
]
},
"vendor_name": "ICONICS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER CONTROL OF GENERATION OF CODE (\u0027CODE INJECTION\u0027) CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12013",
"datePublished": "2020-07-16T21:14:34",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12009 (GCVE-0-2020-12009)
Vulnerability from cvelistv5
Published
2020-07-16 19:39
Modified
2024-09-16 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - DESERIALIZATION OF UNTRUSTED DATA
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Mitsubishi Electric | MC Works64 |
Version: 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MC Works64",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "4.02C (10.95.208.31) and earlier"
},
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "MC Works32",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 3.00A (9.50.255.02)"
}
]
},
{
"product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "v10.96 and prior"
}
]
},
{
"product": "GenBroker32",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "v9.5 and prior"
}
]
}
],
"datePublic": "2020-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T19:39:24",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-06-18T15:00:00.000Z",
"ID": "CVE-2020-12009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MC Works64",
"version": {
"version_data": [
{
"version_value": "4.02C (10.95.208.31) and earlier"
},
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "MC Works32",
"version": {
"version_data": [
{
"version_value": "Version 3.00A (9.50.255.02)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
},
{
"product": {
"product_data": [
{
"product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"version": {
"version_data": [
{
"version_value": "v10.96 and prior"
}
]
}
},
{
"product_name": "GenBroker32",
"version": {
"version_data": [
{
"version_value": "v9.5 and prior"
}
]
}
}
]
},
"vendor_name": "ICONICS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12009",
"datePublished": "2020-07-16T19:39:24.072953Z",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-09-16T23:00:29.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5088 (GCVE-0-2011-5088)
Vulnerability from cvelistv5
Published
2012-04-18 17:00
Modified
2024-09-17 04:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-04-18T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5088",
"datePublished": "2012-04-18T17:00:00Z",
"dateReserved": "2012-04-18T00:00:00Z",
"dateUpdated": "2024-09-17T04:18:54.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12007 (GCVE-0-2020-12007)
Vulnerability from cvelistv5
Published
2020-07-16 21:49
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - DESERIALIZATION OF UNTRUSTED DATA
Summary
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Mitsubishi Electric | MC Works64 |
Version: Version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MC Works64",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 4.02C (10.95.208.31) and earlier"
},
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "MC Works32",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 3.00A (9.50.255.02)"
}
]
},
{
"product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "v10.96 and prior"
}
]
},
{
"product": "GenBroker32",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "v9.5 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T21:49:12",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MC Works64",
"version": {
"version_data": [
{
"version_value": "Version 4.02C (10.95.208.31) and earlier"
},
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "MC Works32",
"version": {
"version_data": [
{
"version_value": "Version 3.00A (9.50.255.02)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
},
{
"product": {
"product_data": [
{
"product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"version": {
"version_data": [
{
"version_value": "v10.96 and prior"
}
]
}
},
{
"product_name": "GenBroker32",
"version": {
"version_data": [
{
"version_value": "v9.5 and prior"
}
]
}
}
]
},
"vendor_name": "ICONICS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12007",
"datePublished": "2020-07-16T21:49:12",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3018 (GCVE-0-2012-3018)
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-09-16 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-31T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3018",
"datePublished": "2012-07-31T10:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:03.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5089 (GCVE-0-2011-5089)
Vulnerability from cvelistv5
Published
2012-04-18 17:00
Modified
2024-08-07 00:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "genesis32-security-login-bo(74932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "genesis32-security-login-bo(74932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "genesis32-security-login-bo(74932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5089",
"datePublished": "2012-04-18T17:00:00",
"dateReserved": "2012-04-18T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0758 (GCVE-0-2014-0758)
Vulnerability from cvelistv5
Published
2014-02-24 02:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-24T02:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0758",
"datePublished": "2014-02-24T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2089 (GCVE-0-2011-2089)
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
},
{
"name": "72135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/72135"
},
{
"name": "44417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44417"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
},
{
"name": "ADV-2011-1174",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1174"
},
{
"name": "47704",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47704"
},
{
"name": "17240",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17240"
},
{
"name": "17269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17269"
},
{
"name": "webhmi-activex-bo(67267)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
},
{
"name": "72135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/72135"
},
{
"name": "44417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44417"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
},
{
"name": "ADV-2011-1174",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1174"
},
{
"name": "47704",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47704"
},
{
"name": "17240",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17240"
},
{
"name": "17269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17269"
},
{
"name": "webhmi-activex-bo(67267)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
},
{
"name": "72135",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72135"
},
{
"name": "44417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44417"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
},
{
"name": "ADV-2011-1174",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1174"
},
{
"name": "47704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47704"
},
{
"name": "17240",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17240"
},
{
"name": "17269",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17269"
},
{
"name": "webhmi-activex-bo(67267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2089",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12015 (GCVE-0-2020-12015)
Vulnerability from cvelistv5
Published
2020-07-16 21:30
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - DESERIALIZATION OF UNTRUSTED DATA
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Mitsubishi Electric | MC Works64 |
Version: version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MC Works64",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "version 4.02C (10.95.208.31) and earlier"
},
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "MC Works32",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "version 3.00A (9.50.255.02)"
}
]
},
{
"product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "version 10.96 and prior"
}
]
},
{
"product": "GenBroker32",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "version 9.5 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T21:30:43",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MC Works64",
"version": {
"version_data": [
{
"version_value": "version 4.02C (10.95.208.31) and earlier"
},
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "MC Works32",
"version": {
"version_data": [
{
"version_value": "version 3.00A (9.50.255.02)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
},
{
"product": {
"product_data": [
{
"product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
"version": {
"version_data": [
{
"version_value": "version 10.96 and prior"
}
]
}
},
{
"product_name": "GenBroker32",
"version": {
"version_data": [
{
"version_value": "version 9.5 and prior"
}
]
}
}
]
},
"vendor_name": "ICONICS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03",
"refsource": "CONFIRM",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02",
"refsource": "CONFIRM",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12015",
"datePublished": "2020-07-16T21:30:43",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12011 (GCVE-0-2020-12011)
Vulnerability from cvelistv5
Published
2020-07-16 18:53
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | Mitsubishi Electric MC Works64 |
Version: Version 4.02C (10.95.208.31) and earlier Version: all versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MC Works64",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 4.02C (10.95.208.31) and earlier"
},
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "MC Works32",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.00A (9.50.255.02)"
}
]
},
{
"product": "ICONICS\u00a0 GenBroker64, Platform Services, Workbench, FrameWorX Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v10.96 and prior"
}
]
},
{
"product": "GenBroker32",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9.5 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T18:53:05",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MC Works64",
"version": {
"version_data": [
{
"version_value": "Version 4.02C (10.95.208.31) and earlier"
},
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "MC Works32",
"version": {
"version_data": [
{
"version_value": "Version 3.00A (9.50.255.02)"
}
]
}
},
{
"product_name": "ICONICS\u00a0 GenBroker64, Platform Services, Workbench, FrameWorX Server",
"version": {
"version_data": [
{
"version_value": "v10.96 and prior"
}
]
}
},
{
"product_name": "GenBroker32",
"version": {
"version_data": [
{
"version_value": "v9.5 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12011",
"datePublished": "2020-07-16T18:53:05",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| iconics | bizviz | 9.0 | |
| iconics | bizviz | 9.01 | |
| iconics | bizviz | 9.1 | |
| iconics | bizviz | 9.2 | |
| iconics | bizviz | 9.13 | |
| iconics | bizviz | 9.20 | |
| iconics | bizviz | 9.21 | |
| iconics | genesis32 | 9.0 | |
| iconics | genesis32 | 9.1 | |
| iconics | genesis32 | 9.01 | |
| iconics | genesis32 | 9.2 | |
| iconics | genesis32 | 9.13 | |
| iconics | genesis32 | 9.20 | |
| iconics | genesis32 | 9.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E3214375-3D3A-47F9-BE1F-D92102A8C8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "22060866-9121-480B-913A-41616CD94A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "278C55AD-294C-4D39-8E50-0726CA523A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7784C58-C8CF-4631-8171-67D95595FF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86628D9D-4270-4571-A57A-17962BC2027D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en el m\u00e9todo SetActiveXGUID en el control VersionInfo ActiveX en GenVersion.dll v8.0.138.0 en el subsistema WebHMI en ICONICS BizViz v9.x anterior a v9.22 y GENESIS32 v9.x anterior a v9.22 permite a atacantes remotos ejecutar c\u00f3digo de su lecci\u00f3n a trav\u00e9s de una cadena larga en el argumento. NOTA: alguno de estos detalles son obtenidos de terceras partes de informaci\u00f3n"
}
],
"id": "CVE-2011-2089",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-05-13T17:05:45.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44417"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17240"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17269"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/72135"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47704"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1174"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/72135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-24 04:48
Modified
2025-04-11 00:51
Severity ?
Summary
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01 | US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis32:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2CEDDA-8387-46C4-A1F5-5C6997B1ACB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "2A900FC3-9E22-49E0-B9A2-7B2717D12315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6F5EC4-0FA4-4FF6-96A1-B7BD2ED6E8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFC8F6B-B298-49A3-BBD8-CDA74785AC0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
},
{
"lang": "es",
"value": "Un control de ActiveX en GenLaunch.htm en ICONICS GENESIS32 8.0, 8.02, 8.04 y 8.05 permite a atacantes remotos ejecutar programas arbitrarios a trav\u00e9s de un documento HTML manipulado."
}
],
"id": "CVE-2014-0758",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-24T04:48:10.193",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-18 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf | US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
},
{
"lang": "es",
"value": "El control ActiveX GENESIS32 IcoSetServer en ICONICS GENESIS32 v9.21 y BizViz v9.21 configura la zona de confianza sobre la base de datos del usuario, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web modificado, relaci\u00f3nado con una \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
}
],
"id": "CVE-2011-5088",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-18T17:55:01.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| mitsubishielectric | mc_works64 | * | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFE4C50-FB00-4449-8A7F-D524109A1F1D",
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
},
{
"lang": "es",
"value": "Un cliente WCF especialmente dise\u00f1ado que interact\u00faa con el puede permitir la ejecuci\u00f3n de determinados comandos SQL arbitrarios remotamente. Esto afecta: Mitsubishi Electric MC Works64 Versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n v10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n v9.5 y anteriores"
}
],
"id": "CVE-2020-12013",
"lastModified": "2024-11-21T04:59:06.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T22:15:11.417",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 19:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."
},
{
"lang": "es",
"value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los sistemas afectados podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio o permitir una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n 10.96 y anteriores; GenBroker32 versi\u00f3n 9.5 y anteriores"
}
],
"id": "CVE-2020-12011",
"lastModified": "2024-11-21T04:59:06.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T19:15:11.830",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 20:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
},
{
"lang": "es",
"value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado al dispositivo afectado podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio debido a una vulnerabilidad de deserializaci\u00f3n. Esto afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n v10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n v9.5 y anteriores"
}
],
"id": "CVE-2020-12009",
"lastModified": "2024-11-21T04:59:06.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T20:15:11.057",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C | ||
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
},
{
"lang": "es",
"value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los dispositivos afectados podr\u00eda permitir una ejecuci\u00f3n de c\u00f3digo remota y una condici\u00f3n de denegaci\u00f3n de servicio debido a una vulnerabilidad de deserializaci\u00f3n. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n 10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n 9.5 y anteriores"
}
],
"id": "CVE-2020-12007",
"lastModified": "2024-11-21T04:59:06.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T22:15:11.337",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-170-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-170-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | mc_works | * | |
| mitsubishielectric | mc_works32 | 9.50.255.02 | |
| iconics | energy_analytix | - | |
| iconics | facility_analytix | - | |
| iconics | genesis64 | - | |
| iconics | hyper_historian | - | |
| iconics | mobilehmi | - | |
| iconics | quality_analytix | - | |
| iconics | smart_energy_analytix | - | |
| iconics | bizviz | - | |
| iconics | genesis32 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
},
{
"lang": "es",
"value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los sistemas afectados podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio debido a una deserializaci\u00f3n inapropiada. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n v10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n 9.5 y anteriores"
}
],
"id": "CVE-2020-12015",
"lastModified": "2024-11-21T04:59:07.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T22:15:11.493",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2025-04-11 00:51
Severity ?
Summary
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| iconics | genesis32 | * | |
| iconics | genesis32 | 8.05 | |
| iconics | genesis32 | 9.0 | |
| iconics | genesis32 | 9.1 | |
| iconics | genesis32 | 9.01 | |
| iconics | genesis32 | 9.2 | |
| iconics | genesis32 | 9.13 | |
| iconics | genesis32 | 9.20 | |
| iconics | genesis32 | 9.21 | |
| iconics | bizviz | * | |
| iconics | bizviz | 8.05 | |
| iconics | bizviz | 9.0 | |
| iconics | bizviz | 9.01 | |
| iconics | bizviz | 9.1 | |
| iconics | bizviz | 9.2 | |
| iconics | bizviz | 9.13 | |
| iconics | bizviz | 9.20 | |
| iconics | bizviz | 9.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5648CCCB-E3B4-4649-BF80-0CBBFF8D25ED",
"versionEndIncluding": "9.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFC8F6B-B298-49A3-BBD8-CDA74785AC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7784C58-C8CF-4631-8171-67D95595FF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86628D9D-4270-4571-A57A-17962BC2027D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09717E94-3D2C-48E9-A267-4E75D2F343AD",
"versionEndIncluding": "9.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEF3187-A001-4604-A292-6192678B2AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E3214375-3D3A-47F9-BE1F-D92102A8C8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "22060866-9121-480B-913A-41616CD94A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "278C55AD-294C-4D39-8E50-0726CA523A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response."
},
{
"lang": "es",
"value": "La caracter\u00edstica lockout-recovery en el componente Security Configurator en ICONICS GENESIS32 v9.22 y anteriores y BizViz v9.22 y anteior usa un algoritmo de cifrado inadecuado para la generaci\u00f3n de c\u00f3digo de autenticaci\u00f3n, lo que permite a usuarios locales evitar las restricciones de acceso establecidas y obtener acceso administrativo prediciendo la respuesta a la solicitud."
}
],
"id": "CVE-2012-3018",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-31T10:45:42.467",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-18 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFC8F6B-B298-49A3-BBD8-CDA74785AC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEF3187-A001-4604-A292-6192678B2AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en los controles ActiveX Security Login en ICONICS GENESIS32 v8.05, v9.0, v9.1, y v9.2 y BizViz v8,05, v9,0, v9,1 y v9,2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una contrase\u00f1a larga."
}
],
"id": "CVE-2011-5089",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-18T17:55:01.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}