CVE-2020-12013

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.

Published: Jul 17, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-12013
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mitsubishielectric / mc_works32	9.50.255.02	9.50.255.02.x
mitsubishielectric / mc_works64	-	10.95.208.31.x

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03

Vulnerability Database

289,784

CVE-2020-12013