PT-2020-4198 · Mitsubishi+1 · MC Works64+6

Published: 2020-06-30 · Updated: 2020-07-29 · CVE-2020-12009

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
Mitsubishi Electric MC Works64 versions 4.02C and earlier
Mitsubishi Electric MC Works32 version 3.00A
ICONICS GenBroker64 versions prior to 10.96
ICONICS GenBroker32 version 9.5 and prior
ICONICS FrameWorX Server versions prior to 10.96
ICONICS Platform Services versions prior to 10.96
ICONICS Workbench versions prior to 10.96

Description: The issue is a deserialization vulnerability: a specially crafted communication packet sent to the affected device can cause a denial-of-service condition, allowing a remote attacker to disrupt the service. The vulnerability is also associated with the restoration of an invalid data structure in memory.

Recommendations: To resolve the issue, update each affected product as follows.
Mitsubishi Electric MC Works64 versions 4.02C and earlier: update to a version later than 4.02C.
Mitsubishi Electric MC Works32 version 3.00A: update to a version later than 3.00A.
ICONICS GenBroker64 versions prior to 10.96: update to version 10.96 or later.
ICONICS GenBroker32 version 9.5 and prior: update to a version later than 9.5.
ICONICS FrameWorX Server versions prior to 10.96: update to version 10.96 or later.
ICONICS Platform Services versions prior to 10.96: update to version 10.96 or later.
ICONICS Workbench versions prior to 10.96: update to version 10.96 or later.

Fix

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

BDU:2020-04632
CVE-2020-12009
ZDI-20-777

Affected Products

FrameWorX Server
GenBroker32
GenBroker64
MC Works32
MC Works64
Platform Services
Workbench