PT-2020-4197 · Mitsubishi+1 · Mc Works64+6
Ali Abbasi +8 · Published: 2020-06-30 · Updated: 2020-07-22
CVE-2020-12015
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier
Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02)
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior
ICONICS GenBroker32 version 9.5 and prior
Description:
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. A remote attacker can exploit deficiencies in the deserialization mechanism to trigger this condition.
Recommendations:
For Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, update to a version that fixes the deserialization issue.
For Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02), update to a version that fixes the deserialization issue.
For ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior, update to a version that fixes the deserialization issue.
For ICONICS GenBroker32 version 9.5 and prior, update to a version that fixes the deserialization issue.
As a temporary workaround, consider restricting access to the deserialization mechanism until a patch is available.
Fix
Deserialization of Untrusted Data
Affected Products
Frameworx Server
Genbroker32
Genbroker64
Mc Works32
Mc Works64
Platform Services
Workbench