PT-2020-4200 · Mitsubishi+1 · Mitsubishi Electric Mc Works32+6
Ali Abbasi +8 · Published 2020-06-30 · Updated 2020-07-29 · CVE-2020-12007
| CVSS v3.1 | 10 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier
Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02)
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior
ICONICS GenBroker32 version 9.5 and prior
Description:
A deserialization vulnerability allows a remote attacker to execute arbitrary code or cause a denial-of-service condition by sending a specially crafted communication packet to the affected devices. The issue is related to the restoration of an untrusted data structure in memory.
Recommendations:
For Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, update to a version later than 4.02C (10.95.208.31) to resolve the issue.
For Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02), update to a version later than 3.00A (9.50.255.02) to resolve the issue.
For ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior, update to a version later than 10.96 to resolve the issue.
For ICONICS GenBroker32 version 9.5 and prior, update to a version later than 9.5 to resolve the issue.
As a temporary workaround, consider restricting access to the deserialization functionality until a patch is available.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Iconics Frameworx Server
Iconics Genbroker32
Iconics Genbroker64
Iconics Platform Services
Iconics Workbench
Mitsubishi Electric Mc Works32
Mitsubishi Electric Mc Works64