PT-2020-4199 · Mitsubishi+1 · Mc Works64+6
Published: 2020-06-30 · Updated: 2021-11-04
CVE-2020-12013
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Mitsubishi Electric MC Works64 versions 4.02C and earlier
Mitsubishi Electric MC Works32 version 3.00A
ICONICS GenBroker64 versions 10.96 and prior
ICONICS GenBroker32 versions 9.5 and prior
ICONICS FrameWorX Server versions 10.96 and prior
ICONICS Platform Services versions 10.96 and prior
ICONICS Workbench versions 10.96 and prior
Description:
A specially crafted WCF client can execute arbitrary SQL commands remotely because the affected products do not properly control code generation (code injection). A remote attacker can use this to execute arbitrary commands.
Recommendations:
For Mitsubishi Electric MC Works64 versions 4.02C and earlier, update to a version later than 4.02C.
For Mitsubishi Electric MC Works32 version 3.00A, update to a version later than 3.00A.
For ICONICS GenBroker64 versions 10.96 and prior, update to a version later than 10.96.
For ICONICS GenBroker32 versions 9.5 and prior, update to a version later than 9.5.
For ICONICS FrameWorX Server versions 10.96 and prior, update to a version later than 10.96.
For ICONICS Platform Services versions 10.96 and prior, update to a version later than 10.96.
For ICONICS Workbench versions 10.96 and prior, update to a version later than 10.96.
Fix
SQL injection
Code Injection
Affected Products:
FrameWorX Server
GenBroker32
GenBroker64
MC Works32
MC Works64
Platform Services
Workbench