Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
97 vulnerabilities by ICONICS
CVE-2024-9852 (GCVE-0-2024-9852)
Vulnerability from nvd – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU93891820 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
all versions
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
all versions
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
all versions
|
|
| iconics | genesis64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | genesis64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:39:20.927830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:43:35.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asher Davila of Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Malav Vyas of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:38:42.201Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU93891820"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-9852",
"datePublished": "2024-11-28T22:20:28.303Z",
"dateReserved": "2024-10-11T01:20:49.722Z",
"dateUpdated": "2026-04-08T13:38:42.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8300 (GCVE-0-2024-8300)
Vulnerability from nvd – Published: 2024-11-28 22:18 – Updated: 2026-01-09 07:52- CWE-561 - Dead Code
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU93891820 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| iconics | genesis64 |
Affected:
10.97.2
Affected: 10.97.2cfr1 Affected: 10.97.2cfr2 Affected: 10.97.3 cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | genesis64 |
Affected:
10.97.2
Affected: 10.97.2cfr1 Affected: 10.97.2cfr2 Affected: 10.97.3 cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"status": "affected",
"version": "10.97.2"
},
{
"status": "affected",
"version": "10.97.2cfr1"
},
{
"status": "affected",
"version": "10.97.2cfr2"
},
{
"status": "affected",
"version": "10.97.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "mitsubishielectric",
"versions": [
{
"status": "affected",
"version": "10.97.2"
},
{
"status": "affected",
"version": "10.97.2cfr1"
},
{
"status": "affected",
"version": "10.97.2cfr2"
},
{
"status": "affected",
"version": "10.97.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:50:37.535229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:53:27.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asher Davila of Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Malav Vyas of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-561",
"description": "CWE-561 Dead Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T07:52:13.107Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU93891820"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-8300",
"datePublished": "2024-11-28T22:18:28.358Z",
"dateReserved": "2024-08-29T06:26:41.397Z",
"dateUpdated": "2026-01-09T07:52:13.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8299 (GCVE-0-2024-8299)
Vulnerability from nvd – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU93891820 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
all versions
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
all versions
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
all versions
|
|
| iconics | genesis64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:37:52.677330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:40:42.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asher Davila of Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Malav Vyas of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:35:35.670Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU93891820"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-8299",
"datePublished": "2024-11-28T22:16:31.396Z",
"dateReserved": "2024-08-29T06:26:34.979Z",
"dateUpdated": "2026-04-08T13:35:35.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7587 (GCVE-0-2024-7587)
Vulnerability from nvd – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46- CWE-276 - Incorrect Default Permissions
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU95548104 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
All versions
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
Versions 9.70.300.23 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
Versions 9.70.300.23 and prior
|
|
| iconics | genesis64 |
Affected:
0 , ≤ 10.97.3
(custom)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThanOrEqual": "10.97.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:49.960141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:50:04.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Versions 9.70.300.23 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 9.70.300.23 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
}
],
"value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T05:46:11.126Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU95548104"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-7587",
"datePublished": "2024-10-22T22:19:20.646Z",
"dateReserved": "2024-08-07T08:06:04.877Z",
"dateUpdated": "2026-01-09T05:46:11.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1574 (GCVE-0-2024-1574)
Vulnerability from nvd – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "10.97.92",
"status": "affected",
"version": "10.97",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:44:19.238774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:45:36.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BizViz",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BizViz",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:31:05.753Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1574",
"datePublished": "2024-07-04T09:02:35.260Z",
"dateReserved": "2024-02-16T01:30:45.960Z",
"dateUpdated": "2026-04-08T13:31:05.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1573 (GCVE-0-2024-1573)
Vulnerability from nvd – Published: 2024-07-04 08:59 – Updated: 2026-04-13 22:47- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "10.97.92",
"status": "affected",
"version": "10.97",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:46:51.356597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:46:55.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IoTWorX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "version 10.95"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IoTWorX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "version 10.95"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
}
],
"value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T22:47:17.575Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1573",
"datePublished": "2024-07-04T08:59:44.079Z",
"dateReserved": "2024-02-16T01:30:41.285Z",
"dateUpdated": "2026-04-13T22:47:17.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1182 (GCVE-0-2024-1182)
Vulnerability from nvd – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | Hyper Historian |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | Hyper Historian |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
versions 9.7 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
versions 9.7 and prior
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
all versions
|
|
| iconics | genesis64 |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:24.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:23:47.078975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:25:49.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:28:11.189Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1182",
"datePublished": "2024-07-04T08:53:41.217Z",
"dateReserved": "2024-02-02T00:20:48.886Z",
"dateUpdated": "2026-04-08T13:28:11.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9852 (GCVE-0-2024-9852)
Vulnerability from cvelistv5 – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU93891820 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
all versions
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
all versions
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
all versions
|
|
| iconics | genesis64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | genesis64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:39:20.927830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:43:35.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asher Davila of Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Malav Vyas of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:38:42.201Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU93891820"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-9852",
"datePublished": "2024-11-28T22:20:28.303Z",
"dateReserved": "2024-10-11T01:20:49.722Z",
"dateUpdated": "2026-04-08T13:38:42.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8300 (GCVE-0-2024-8300)
Vulnerability from cvelistv5 – Published: 2024-11-28 22:18 – Updated: 2026-01-09 07:52- CWE-561 - Dead Code
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU93891820 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
Version 10.97.2
Affected: Version 10.97.2 CFR1 Affected: Version 10.97.2 CRF2 Affected: Version 10.97.3 |
|
| iconics | genesis64 |
Affected:
10.97.2
Affected: 10.97.2cfr1 Affected: 10.97.2cfr2 Affected: 10.97.3 cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | genesis64 |
Affected:
10.97.2
Affected: 10.97.2cfr1 Affected: 10.97.2cfr2 Affected: 10.97.3 cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"status": "affected",
"version": "10.97.2"
},
{
"status": "affected",
"version": "10.97.2cfr1"
},
{
"status": "affected",
"version": "10.97.2cfr2"
},
{
"status": "affected",
"version": "10.97.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "genesis64",
"vendor": "mitsubishielectric",
"versions": [
{
"status": "affected",
"version": "10.97.2"
},
{
"status": "affected",
"version": "10.97.2cfr1"
},
{
"status": "affected",
"version": "10.97.2cfr2"
},
{
"status": "affected",
"version": "10.97.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:50:37.535229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:53:27.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Version 10.97.2"
},
{
"status": "affected",
"version": "Version 10.97.2 CFR1"
},
{
"status": "affected",
"version": "Version 10.97.2 CRF2"
},
{
"status": "affected",
"version": "Version 10.97.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asher Davila of Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Malav Vyas of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-561",
"description": "CWE-561 Dead Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T07:52:13.107Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU93891820"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-8300",
"datePublished": "2024-11-28T22:18:28.358Z",
"dateReserved": "2024-08-29T06:26:41.397Z",
"dateUpdated": "2026-01-09T07:52:13.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8299 (GCVE-0-2024-8299)
Vulnerability from cvelistv5 – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU93891820 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
all versions
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
all versions
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | Hyper Historian |
Affected:
versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
all versions
|
|
| iconics | genesis64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:37:52.677330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:40:42.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asher Davila of Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Malav Vyas of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:35:35.670Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU93891820"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-8299",
"datePublished": "2024-11-28T22:16:31.396Z",
"dateReserved": "2024-08-29T06:26:34.979Z",
"dateUpdated": "2026-04-08T13:35:35.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7587 (GCVE-0-2024-7587)
Vulnerability from cvelistv5 – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46- CWE-276 - Incorrect Default Permissions
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU95548104 | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
All versions
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
Versions 10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
Versions 9.70.300.23 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
Versions 9.70.300.23 and prior
|
|
| iconics | genesis64 |
Affected:
0 , ≤ 10.97.3
(custom)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , < *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThanOrEqual": "10.97.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:49.960141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:50:04.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Versions 9.70.300.23 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 9.70.300.23 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
}
],
"value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T05:46:11.126Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU95548104"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-7587",
"datePublished": "2024-10-22T22:19:20.646Z",
"dateReserved": "2024-08-07T08:06:04.877Z",
"dateUpdated": "2026-01-09T05:46:11.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1574 (GCVE-0-2024-1574)
Vulnerability from cvelistv5 – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "10.97.92",
"status": "affected",
"version": "10.97",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:44:19.238774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:45:36.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BizViz",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BizViz",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:31:05.753Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1574",
"datePublished": "2024-07-04T09:02:35.260Z",
"dateReserved": "2024-02-16T01:30:45.960Z",
"dateUpdated": "2026-04-08T13:31:05.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1573 (GCVE-0-2024-1573)
Vulnerability from cvelistv5 – Published: 2024-07-04 08:59 – Updated: 2026-04-13 22:47- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "10.97.92",
"status": "affected",
"version": "10.97",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:46:51.356597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:46:55.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IoTWorX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "version 10.95"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IoTWorX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "version 10.95"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
}
],
"value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T22:47:17.575Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1573",
"datePublished": "2024-07-04T08:59:44.079Z",
"dateReserved": "2024-02-16T01:30:41.285Z",
"dateUpdated": "2026-04-13T22:47:17.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1182 (GCVE-0-2024-1182)
Vulnerability from cvelistv5 – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS64 |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | ICONICS Suite |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | Hyper Historian |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Corporation | Hyper Historian |
Affected:
10.97.3 and prior
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS32 |
Affected:
versions 9.7 and prior
|
|
| Mitsubishi Electric Corporation | GENESIS32 |
Affected:
versions 9.7 and prior
|
|
| Mitsubishi Electric Corporation | MC Works64 |
Affected:
all versions
|
|
| iconics | genesis64 |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
|
| mitsubishielectric | mc_works64 |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:24.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:23:47.078975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:25:49.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "10.97.3 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:28:11.189Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1182",
"datePublished": "2024-07-04T08:53:41.217Z",
"dateReserved": "2024-02-02T00:20:48.886Z",
"dateUpdated": "2026-04-08T13:28:11.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6061 (GCVE-0-2023-6061)
Vulnerability from cvelistv5 – Published: 2023-12-07 23:21 – Updated: 2024-12-12 22:56This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation's PSIRT.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-12-12T22:56:25.742Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation\u0027s PSIRT."
}
],
"value": "This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation\u0027s PSIRT."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-6061",
"datePublished": "2023-12-07T23:21:22.755Z",
"dateRejected": "2024-12-12T22:56:25.742Z",
"dateReserved": "2023-11-09T18:55:45.555Z",
"dateUpdated": "2024-12-12T22:56:25.742Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202201-0603
Vulnerability from variot - Updated: 2024-02-13 22:46Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Mitsubishi Electric products and multiple ICONICS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan's Mitsubishi Electric (Mitsubishi Electric).
A security vulnerability exists in Mitsubishi Electric MC Works64 that originates in the ICONICS and Mitsubishi Electric ICONICS product suites. The FrameWorX server in the Mitsubishi Electric MC Works64 product could allow an attacker to exploit the vulnerability to open a WebSocket endpoint (port 80 or 443) when bypassing GENESIS64 MC Works64 security. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0603",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mc works64",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.201.23"
},
{
"model": "mc works64",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.210.01"
},
{
"model": "mobilehmi",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"model": "hyper historian",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"model": "genesis64",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"model": "hyper historian",
"scope": "gte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.95.3"
},
{
"model": "genesis64",
"scope": "gte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.95.3"
},
{
"model": "mobilehmi",
"scope": "gte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.95.3"
},
{
"model": "analytix",
"scope": "gte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.95.3"
},
{
"model": "analytix",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"model": "hyper historian",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "mc works64",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "4.00a (10.95.201.23) to 4.04e (10.95.210.01)"
},
{
"model": "mobilehmi",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "genesis 64",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works64",
"scope": "gte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "10.95.201.23,\u003c=10.95.210.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:analytix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"versionStartIncluding": "10.95.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"versionStartIncluding": "10.95.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"versionStartIncluding": "10.95.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"versionStartIncluding": "10.95.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.210.01",
"versionStartIncluding": "10.95.201.23",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
}
],
"trust": 0.6
},
"cve": "CVE-2022-23128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-23128",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08358",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-23128",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-23128",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-08358",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1829",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-23128",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
},
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Mitsubishi Electric products and multiple ICONICS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric). \n\r\n\r\nA security vulnerability exists in Mitsubishi Electric MC Works64 that originates in the ICONICS and Mitsubishi Electric ICONICS product suites. The FrameWorX server in the Mitsubishi Electric MC Works64 product could allow an attacker to exploit the vulnerability to open a WebSocket endpoint (port 80 or 443) when bypassing GENESIS64 MC Works64 security. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "VULMON",
"id": "CVE-2022-23128"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23128",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-020-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95403720",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08358",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0311",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012108",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1829",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23128",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
},
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"id": "VAR-202201-0603",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
}
]
},
"last_update_date": "2024-02-13T22:46:25.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Mitsubishi Electric Mitsubishi\u00a0Electric\u00a0Corporation",
"trust": 0.8,
"url": "https://iconics.com/"
},
{
"title": "Patch for Unknown Vulnerability in Mitsubishi Electric MC Works64",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/317671"
},
{
"title": "Mitsubishi Electric MC Works64 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179152"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
},
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu95403720/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23128"
},
{
"trust": 1.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95403720/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0311"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012108"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
},
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
},
{
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1829"
},
{
"date": "2022-01-21T19:15:09.977000",
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08358"
},
{
"date": "2022-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23128"
},
{
"date": "2023-03-10T03:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-003883"
},
{
"date": "2022-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1829"
},
{
"date": "2022-01-27T20:20:33.137000",
"db": "NVD",
"id": "CVE-2022-23128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric products and multiple \u00a0ICONICS\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003883"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1829"
}
],
"trust": 0.6
}
}
VAR-202201-0604
Vulnerability from variot - Updated: 2024-02-13 22:46Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. Mitsubishi Electric MC Works64 , ICONICS GENESIS64 , ICONICS Hyper Historian Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan's Mitsubishi Electric (Mitsubishi Electric).
Mitsubishi Electric MC Works64 has a security vulnerability that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a series of SQL commands in a GENESIS64 system or MC Works64 system, which can cause the SQL query engine to crash and cause SQL Server Disabled. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0604",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "genesis64",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"model": "mc works64",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.201.23"
},
{
"model": "mc works64",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.210.01"
},
{
"model": "hyper historian",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"model": "hyper historian",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "mc works64",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "4.00a (10.95.201.23) to 4.04e (10.95.210.01)"
},
{
"model": "genesis 64",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works64 \u003c4.04e",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(10.95.210.01)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.210.01",
"versionStartIncluding": "10.95.201.23",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
}
],
"trust": 0.6
},
"cve": "CVE-2022-23130",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-23130",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-08357",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-23130",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-23130",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-08357",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1789",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-23130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
},
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. Mitsubishi Electric MC Works64 , ICONICS GENESIS64 , ICONICS Hyper Historian Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric). \n\r\n\r\nMitsubishi Electric MC Works64 has a security vulnerability that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a series of SQL commands in a GENESIS64 system or MC Works64 system, which can cause the SQL query engine to crash and cause SQL Server Disabled. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23130"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "VULMON",
"id": "CVE-2022-23130"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23130",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-020-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95403720",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0311",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012108",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1789",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23130",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
},
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"id": "VAR-202201-0604",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
}
]
},
"last_update_date": "2024-02-13T22:46:25.869000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Mitsubishi Electric Mitsubishi\u00a0Electric\u00a0Corporation",
"trust": 0.8,
"url": "https://iconics.com/"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/317666"
},
{
"title": "Mitsubishi Electric MC Works64 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179833"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
},
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu95403720/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23130"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95403720/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
},
{
"trust": 0.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0311"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012108"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
},
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
},
{
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1789"
},
{
"date": "2022-01-21T19:15:10.080000",
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08357"
},
{
"date": "2022-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23130"
},
{
"date": "2023-03-10T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-003878"
},
{
"date": "2022-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1789"
},
{
"date": "2022-01-27T20:42:26.387000",
"db": "NVD",
"id": "CVE-2022-23130"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric products and multiple \u00a0ICONICS\u00a0 Product out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003878"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1789"
}
],
"trust": 0.6
}
}
VAR-202201-0605
Vulnerability from variot - Updated: 2024-02-13 22:46Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. Mitsubishi Electric MC Works64 and ICONICS MobileHMI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. An attacker could exploit this vulnerability to execute JavaScript code on the client side
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0605",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mobilehmi",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.96.2"
},
{
"model": "mc works64",
"scope": "lt",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.210.01"
},
{
"model": "mc works64",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "4.04e (10.95.210.01) and earlier"
},
{
"model": "mobilehmi",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works64",
"scope": "lt",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "10.95.210.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.96.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.95.210.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
}
],
"trust": 0.6
},
"cve": "CVE-2022-23127",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-23127",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-08219",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-23127",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-23127",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-08219",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1854",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-23127",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
},
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. Mitsubishi Electric MC Works64 and ICONICS MobileHMI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. An attacker could exploit this vulnerability to execute JavaScript code on the client side",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "VULMON",
"id": "CVE-2022-23127"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23127",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-020-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95403720",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08219",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0311",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012109",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23127",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
},
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"id": "VAR-202201-0605",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
}
]
},
"last_update_date": "2024-02-13T22:46:25.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Mitsubishi Electric Mitsubishi\u00a0Electric\u00a0Corporation",
"trust": 0.8,
"url": "https://iconics.com/"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/317286"
},
{
"title": "Mitsubishi Electric MC Works64 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179842"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
},
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu95403720/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23127"
},
{
"trust": 1.2,
"url": "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95403720/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0311"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012109"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
},
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
},
{
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1854"
},
{
"date": "2022-01-21T19:15:09.913000",
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"date": "2022-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23127"
},
{
"date": "2023-03-10T03:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-003885"
},
{
"date": "2022-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1854"
},
{
"date": "2022-01-27T20:03:06.297000",
"db": "NVD",
"id": "CVE-2022-23127"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08219"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1854"
}
],
"trust": 0.6
}
}
VAR-201207-0139
Vulnerability from variot - Updated: 2023-12-18 14:06The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. GENESIS32/BizViz is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 and BizViz are prone to a local authentication-bypass vulnerability. Successful exploits may lead to other attacks. Iconics GENESIS32 and BizViz versions 9.22 and prior are vulnerable. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi
TITLE: ICONICS GENESIS32 / BizViz Privilege Escalation Vulnerability
SECUNIA ADVISORY ID: SA50116
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50116/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50116
RELEASE DATE: 2012-07-31
DISCUSS ADVISORY: http://secunia.com/advisories/50116/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50116/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50116
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in ICONICS GENESIS32 and ICONICS BizViz, which can be exploited by malicious, local users to gain escalated privileges. This can be exploited to gain administrative access by predicting a challenge response.
SOLUTION: Apply patches. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Dr. Wesley McGrew, Mississippi State University.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "genesis32",
"scope": "eq",
"trust": 2.2,
"vendor": "iconics",
"version": "8.05"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.2,
"vendor": "iconics",
"version": "9.13"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.2,
"vendor": "iconics",
"version": "9.01"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.2,
"vendor": "iconics",
"version": "8.05"
},
{
"model": "bizviz",
"scope": "lte",
"trust": 1.8,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "genesis32",
"scope": "lte",
"trust": 1.8,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.13"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.01"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.20"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.5,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.20"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 0.9,
"vendor": "iconics",
"version": "9.22"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "8.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "8.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"db": "BID",
"id": "54732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3018"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr. Wesley McGrew of Mississippi State University",
"sources": [
{
"db": "BID",
"id": "54732"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3018",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-3018",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3018",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-599",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. GENESIS32/BizViz is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 and BizViz are prone to a local authentication-bypass vulnerability. Successful exploits may lead to other attacks. \nIconics GENESIS32 and BizViz versions 9.22 and prior are vulnerable. ----------------------------------------------------------------------\n\nWe are millions! Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS GENESIS32 / BizViz Privilege Escalation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50116\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50116/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116\n\nRELEASE DATE:\n2012-07-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50116/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50116/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in ICONICS GENESIS32 and ICONICS\nBizViz, which can be exploited by malicious, local users to gain\nescalated privileges. This can be exploited to gain\nadministrative access by predicting a challenge response. \n\nSOLUTION:\nApply patches. Contact the vendor for further information. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Dr. Wesley McGrew, Mississippi State University. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"db": "BID",
"id": "54732"
},
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "115131"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3018",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-212-01",
"trust": 3.1
},
{
"db": "BID",
"id": "54732",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-4039",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50116",
"trust": 0.8
},
{
"db": "IVD",
"id": "91B22AC4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "115131",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"db": "BID",
"id": "54732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "PACKETSTORM",
"id": "115131"
},
{
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"id": "VAR-201207-0139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4039"
}
],
"trust": 1.4120857500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4039"
}
]
},
"last_update_date": "2023-12-18T14:06:18.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CERT Security Update",
"trust": 0.8,
"url": "http://www.iconics.com/certs"
},
{
"title": "Iconics GENESIS32/BizViz Local Verification Patch for Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/19400"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "NVD",
"id": "CVE-2012-3018"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-212-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3018"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3018"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50116"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54732"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/home/products/hmi-and-scada/genesis32.aspx"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50116/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50116/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"db": "BID",
"id": "54732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "PACKETSTORM",
"id": "115131"
},
{
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"db": "BID",
"id": "54732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"db": "PACKETSTORM",
"id": "115131"
},
{
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-01T00:00:00",
"db": "IVD",
"id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54732"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"date": "2012-07-31T03:57:42",
"db": "PACKETSTORM",
"id": "115131"
},
{
"date": "2012-07-31T10:45:42.467000",
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4039"
},
{
"date": "2015-03-19T08:11:00",
"db": "BID",
"id": "54732"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003431"
},
{
"date": "2012-07-31T10:45:42.467000",
"db": "NVD",
"id": "CVE-2012-3018"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "54732"
},
{
"db": "PACKETSTORM",
"id": "115131"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS GENESIS32 and BizViz Vulnerable to access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-599"
}
],
"trust": 0.6
}
}
VAR-201402-0348
Vulnerability from variot - Updated: 2023-12-18 14:06An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. GENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "genesis32",
"scope": "eq",
"trust": 3.3,
"vendor": "iconics",
"version": "8.05"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 3.3,
"vendor": "iconics",
"version": "8.0"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 3.3,
"vendor": "iconics",
"version": "8.02"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 3.3,
"vendor": "iconics",
"version": "8.04"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.20"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.13"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.01"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "8.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "8.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "8.05"
}
],
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "BID",
"id": "65706"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0758"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NCCIC/ICS-CERT",
"sources": [
{
"db": "BID",
"id": "65706"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0758",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-0758",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-01214",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "33a69fba-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0758",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-01214",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-351",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nGENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "BID",
"id": "65706"
},
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0758",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-051-01",
"trust": 3.3
},
{
"db": "BID",
"id": "65706",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01214",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "57034",
"trust": 0.6
},
{
"db": "IVD",
"id": "33A69FBA-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "BID",
"id": "65706"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"id": "VAR-201402-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
}
],
"trust": 1.4315789
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
}
]
},
"last_update_date": "2023-12-18T14:06:13.184000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GENESIS32",
"trust": 0.8,
"url": "http://www.iconics.com/home/products/hmi-scada-software-solutions/genesis32.aspx"
},
{
"title": "Iconics GENESIS32 ActiveX Control Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43839"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "NVD",
"id": "CVE-2014-0758"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0758"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0758"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57034"
},
{
"trust": 0.3,
"url": "http://iconics.com/home/products/hmi-scada-software-solutions/genesis32.aspx"
},
{
"trust": 0.3,
"url": "http://iconics.com/iconicswebsite/media/documents/support%20downloads/whitepaper_security_vulnerabilities_february_19_2014.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "BID",
"id": "65706"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"db": "BID",
"id": "65706"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-25T00:00:00",
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"date": "2014-02-20T00:00:00",
"db": "BID",
"id": "65706"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"date": "2014-02-24T04:48:10.193000",
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"date": "2014-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01214"
},
{
"date": "2014-02-20T00:00:00",
"db": "BID",
"id": "65706"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001458"
},
{
"date": "2014-02-24T19:45:33.177000",
"db": "NVD",
"id": "CVE-2014-0758"
},
{
"date": "2014-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Iconics GENESIS32 ActiveX Control Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01214"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "33a69fba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-351"
}
],
"trust": 0.8
}
}
VAR-201105-0146
Vulnerability from variot - Updated: 2023-12-18 14:02Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the 'GenVersion.dll' ActiveX control. Failed exploit attempts will result in a denial-of-service condition. "SetActiveXGUID()" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA44417
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44417
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44417/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44417/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44417
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in GenVersion.dll version 8.0.138.0. Other versions may also be affected.
SOLUTION: Update to a fixed version. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: Scott Bell and Blair Strang, Security-Assessment.com
ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.20"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.13"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.01"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.6,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.20"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.13"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": "9.01"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 0.8,
"vendor": "iconics",
"version": "9.x"
},
{
"model": "bizviz",
"scope": "lt",
"trust": 0.8,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "genesis32",
"scope": "lt",
"trust": 0.8,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "9.x"
},
{
"model": "versioninfo activex control",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "8.x"
},
{
"model": "genesis64",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "10.x"
},
{
"model": "pacis sui rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "pacis sui rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "webhmi activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.21"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 0.2,
"vendor": "iconics",
"version": "9.x*"
},
{
"model": "versioninfo activex control",
"scope": "eq",
"trust": 0.2,
"vendor": "iconics",
"version": "8.x*"
},
{
"model": "genesis64",
"scope": "eq",
"trust": 0.2,
"vendor": "iconics",
"version": "10.x*"
}
],
"sources": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"db": "BID",
"id": "47704"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2089"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Bell \u0026 Blair Strang",
"sources": [
{
"db": "BID",
"id": "47704"
}
],
"trust": 0.3
},
"cve": "CVE-2011-2089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-2089",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "f780befa-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
"version": "2.0 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2089",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-169",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the \u0027GenVersion.dll\u0027 ActiveX control. Failed exploit attempts will result in a denial-of-service condition. \"SetActiveXGUID()\" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44417\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44417/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44417/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44417/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in ICONICS VersionInfo ActiveX\ncontrol, which can be exploited by malicious people to compromise a\nuser\u0027s system. \n\nThe vulnerability is confirmed in GenVersion.dll version 8.0.138.0. \nOther versions may also be affected. \n\nSOLUTION:\nUpdate to a fixed version. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nScott Bell and Blair Strang, Security-Assessment.com\n\nORIGINAL ADVISORY:\nhttp://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"db": "BID",
"id": "47704"
},
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "101133"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "44417",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2011-2089",
"trust": 2.9
},
{
"db": "BID",
"id": "47704",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-11-131-01",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "72135",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "17269",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "17240",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2011-1174",
"trust": 1.6
},
{
"db": "XF",
"id": "67267",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-1744",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794",
"trust": 0.8
},
{
"db": "IVD",
"id": "F780BEFA-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "30D8DBBE-1F96-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "101133",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"db": "BID",
"id": "47704"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "PACKETSTORM",
"id": "101133"
},
{
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"id": "VAR-201105-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
}
],
"trust": 1.7413905
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
}
]
},
"last_update_date": "2023-12-18T14:02:12.822000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Hot Fixes",
"trust": 0.8,
"url": "http://www.iconics.com/home/support/hot-fixes.aspx"
},
{
"title": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/3787"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "NVD",
"id": "CVE-2011-2089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-131-01.pdf"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/44417"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/47704"
},
{
"trust": 2.0,
"url": "http://www.security-assessment.com/files/documents/advisory/iconics_webhmi.pdf"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17240"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17269"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/72135"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2011/1174"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/67267"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2089"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2089"
},
{
"trust": 0.8,
"url": "http://osvdb.org/72135"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/44417/http"
},
{
"trust": 0.3,
"url": "http://download.schneider-electric.com/files?p_file_id=320329939"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44417/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44417/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"db": "BID",
"id": "47704"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "PACKETSTORM",
"id": "101133"
},
{
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"db": "BID",
"id": "47704"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"db": "PACKETSTORM",
"id": "101133"
},
{
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-16T00:00:00",
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-05-05T00:00:00",
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"date": "2011-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"date": "2011-05-03T00:00:00",
"db": "BID",
"id": "47704"
},
{
"date": "2011-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"date": "2011-05-05T06:57:34",
"db": "PACKETSTORM",
"id": "101133"
},
{
"date": "2011-05-13T17:05:45.643000",
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"date": "2011-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1744"
},
{
"date": "2015-04-13T21:01:00",
"db": "BID",
"id": "47704"
},
{
"date": "2011-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001794"
},
{
"date": "2017-08-29T01:29:16.080000",
"db": "NVD",
"id": "CVE-2011-2089"
},
{
"date": "2011-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1744"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "f780befa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-169"
}
],
"trust": 1.0
}
}
VAR-200612-0248
Vulnerability from variot - Updated: 2023-12-18 13:54Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. ICONICS is a professional company that provides OPC-based visualization software. Failed attempts can crash the host application. Versions prior to DlgWrapper.dll 8.4.166.0 are affected.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. visits a malicious website.
The vulnerability is confirmed in ICONICS Vessel ActiveX 8.02.140 including DlgWrapper.dll 8.0.138.0.
SOLUTION: Update to DlgWrapper.dll 8.4.166.0 by applying the hotfix: http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip
PROVIDED AND/OR DISCOVERED BY: Will Dormann
ORIGINAL ADVISORY: US-CERT VU#251969: http://www.kb.cert.org/vuls/id/251969
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dialog wrapper module activex control",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "8.4.165.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "dialog wrapper module activex control",
"scope": "lt",
"trust": 0.8,
"vendor": "iconics",
"version": "8.4.166.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dialog wrapper module activex control",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "8.4.165.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dialog wrapper module activex control",
"version": "*"
},
{
"model": "vessel/gauge/switch activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "8.02.140.0"
},
{
"model": "dlgwrapper.dll",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "8.0.138.0"
},
{
"model": "dialog wrapper module activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "0"
},
{
"model": "dlgwrapper.dll",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "8.4.166.0"
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:dialog_wrapper_module_activex_control:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.165.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann",
"sources": [
{
"db": "BID",
"id": "21849"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
],
"trust": 0.9
},
"cve": "CVE-2006-6488",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-6488",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "98456900-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-6488",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#251969",
"trust": 0.8,
"value": "9.23"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-721",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. ICONICS is a professional company that provides OPC-based visualization software. Failed attempts can crash the host application. \nVersions prior to DlgWrapper.dll 8.4.166.0 are affected. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. visits a malicious website. \n\nThe vulnerability is confirmed in ICONICS Vessel ActiveX 8.02.140\nincluding DlgWrapper.dll 8.0.138.0. \n\nSOLUTION:\nUpdate to DlgWrapper.dll 8.4.166.0 by applying the hotfix:\nhttp://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip\n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann\n\nORIGINAL ADVISORY:\nUS-CERT VU#251969:\nhttp://www.kb.cert.org/vuls/id/251969\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "53382"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6488",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#251969",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "23583",
"trust": 2.6
},
{
"db": "BID",
"id": "21849",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "32552",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-0025",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2007-0011",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721",
"trust": 1.0
},
{
"db": "EXPLOIT-DB",
"id": "6570",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556",
"trust": 0.8
},
{
"db": "XF",
"id": "31228",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "9823",
"trust": 0.6
},
{
"db": "IVD",
"id": "98456900-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7D7A13-463F-11E9-A5CB-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "53382",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "PACKETSTORM",
"id": "53382"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"id": "VAR-200612-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
}
]
},
"last_update_date": "2023-12-18T13:54:06.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.iconics.com/home.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/251969"
},
{
"trust": 1.6,
"url": "http://osvdb.org/32552"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/23583"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/21849"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/0025"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31228"
},
{
"trust": 0.9,
"url": "http://www.iconics.com/support/free_tools/freetoolsactivex_dlgwrapperhotfix.zip"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/23583/"
},
{
"trust": 0.8,
"url": "http://www.iconics.com/support/free_tools.asp"
},
{
"trust": 0.8,
"url": "http://www.iconics.com/support/readme_file.asp?file=195"
},
{
"trust": 0.8,
"url": "http://www.digitalmunition.com/iconics_dlgwrapper.rb"
},
{
"trust": 0.8,
"url": "http://www.milw0rm.com/exploits/6570"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6488"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6488"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0025"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/31228"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/9823"
},
{
"trust": 0.3,
"url": "http://carnal0wnage.blogspot.com/2008/10/malware-targeting-industrial-control.html"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13097/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13096/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13098/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "PACKETSTORM",
"id": "53382"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "PACKETSTORM",
"id": "53382"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-02T00:00:00",
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2007-01-02T00:00:00",
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"date": "2007-01-02T00:00:00",
"db": "CERT/CC",
"id": "VU#251969"
},
{
"date": "2007-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"date": "2007-01-02T00:00:00",
"db": "BID",
"id": "21849"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"date": "2007-01-03T23:45:45",
"db": "PACKETSTORM",
"id": "53382"
},
{
"date": "2006-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"date": "2006-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-29T00:00:00",
"db": "CERT/CC",
"id": "VU#251969"
},
{
"date": "2007-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"date": "2015-03-19T09:49:00",
"db": "BID",
"id": "21849"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"date": "2017-07-29T01:29:33.607000",
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
],
"trust": 1.0
}
}
VAR-201204-0058
Vulnerability from variot - Updated: 2023-12-18 13:15Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "genesis32",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "8.05"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "9.2"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "9.1"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 2.7,
"vendor": "iconics",
"version": "8.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "8.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "8.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.2"
}
],
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "57146"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5089"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Terry McCorkle",
"sources": [
{
"db": "BID",
"id": "57146"
}
],
"trust": 0.3
},
"cve": "CVE-2011-5089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-5089",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "f069156e-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-5089",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-418",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "BID",
"id": "57146"
},
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5089",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-11-182-02",
"trust": 2.7
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041",
"trust": 0.8
},
{
"db": "BID",
"id": "57146",
"trust": 0.3
},
{
"db": "IVD",
"id": "F069156E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "57146"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"id": "VAR-201204-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 0.81208575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2023-12-18T13:15:04.773000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CERT Security Update",
"trust": 0.8,
"url": "http://www.iconics.com/certs"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "NVD",
"id": "CVE-2011-5089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-182-02.pdf"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5089"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5089"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
}
],
"sources": [
{
"db": "BID",
"id": "57146"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "57146"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-19T00:00:00",
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2011-07-01T00:00:00",
"db": "BID",
"id": "57146"
},
{
"date": "2012-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"date": "2012-04-18T17:55:01.213000",
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"date": "2012-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:32:00",
"db": "BID",
"id": "57146"
},
{
"date": "2012-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005041"
},
{
"date": "2017-08-29T01:30:40.757000",
"db": "NVD",
"id": "CVE-2011-5089"
},
{
"date": "2012-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS GENESIS32 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "f069156e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-418"
}
],
"trust": 0.8
}
}
VAR-201204-0057
Vulnerability from variot - Updated: 2023-12-18 12:52The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability.". ICONICS is a company specializing in providing OPC-based visualization software. GENESIS32 is prone to a remote security vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. This may potentially allow for the execution of arbitrary code. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242
TITLE: ICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation
SECUNIA ADVISORY ID: SA45847
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45847
RELEASE DATE: 2011-09-02
DISCUSS ADVISORY: http://secunia.com/advisories/45847/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45847/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45847
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in the ICONICS IcoSetServer ActiveX Control, which can be exploited by malicious people to manipulate certain data.
The vulnerability is reported in version 9.21. Other versions may also be affected.
SOLUTION: Apply patch or update to version 9.22.
PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT.
ORIGINAL ADVISORY: ICONICS: http://www.iconics.com/certs
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "genesis32",
"scope": "eq",
"trust": 3.8,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 3.6,
"vendor": "iconics",
"version": "9.21"
},
{
"model": "icosetserver activex control",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "9.21"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "9.21.201.01"
},
{
"model": "genesis32",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "0"
},
{
"model": "genesis32",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.22"
},
{
"model": "bizviz",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "9.22"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bizviz",
"version": "9.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "genesis32",
"version": "9.21"
},
{
"model": "icosetserver activex control",
"scope": "eq",
"trust": 0.2,
"vendor": "iconics",
"version": "9.21*"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 0.2,
"vendor": "iconics",
"version": "9.21*"
}
],
"sources": [
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "BID",
"id": "79756"
},
{
"db": "BID",
"id": "49406"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Terry McCorkle",
"sources": [
{
"db": "BID",
"id": "49406"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-547"
}
],
"trust": 0.9
},
"cve": "CVE-2011-5088",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-5088",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-6116",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
"version": "2.0 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-5088",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2011-6116",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-417",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\". ICONICS is a company specializing in providing OPC-based visualization software. GENESIS32 is prone to a remote security vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. This may potentially allow for the execution of arbitrary code. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation\n\nSECUNIA ADVISORY ID:\nSA45847\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45847/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847\n\nRELEASE DATE:\n2011-09-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45847/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45847/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in the ICONICS IcoSetServer ActiveX\nControl, which can be exploited by malicious people to manipulate\ncertain data. \n\nThe vulnerability is reported in version 9.21. Other versions may\nalso be affected. \n\nSOLUTION:\nApply patch or update to version 9.22. \n\nPROVIDED AND/OR DISCOVERED BY:\nBilly Rios and Terry McCorkle via ICS-CERT. \n\nORIGINAL ADVISORY:\nICONICS:\nhttp://www.iconics.com/certs\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "BID",
"id": "79756"
},
{
"db": "BID",
"id": "49406"
},
{
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "104702"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-11-182-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2011-5088",
"trust": 2.9
},
{
"db": "BID",
"id": "49406",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2011-6116",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3478",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "45847",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201108-547",
"trust": 0.6
},
{
"db": "BID",
"id": "79756",
"trust": 0.3
},
{
"db": "IVD",
"id": "7D7C4190-463F-11E9-B3F2-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "0347C63A-1F8A-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "F06EFDD0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "56E4B816-1F8A-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "104702",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "BID",
"id": "79756"
},
{
"db": "BID",
"id": "49406"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "PACKETSTORM",
"id": "104702"
},
{
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-547"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"id": "VAR-201204-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
}
],
"trust": 2.7413905
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
}
]
},
"last_update_date": "2023-12-18T12:52:18.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CERT Security Update",
"trust": 0.8,
"url": "http://www.iconics.com/certs"
},
{
"title": "\\302\\240ICONICS IcoSetServer ActiveX Control Trust Domain Policy Operation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4983"
},
{
"title": "ICONICS IcoSetServer ActiveX Control Trusted Space Any Domain Name Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "NVD",
"id": "CVE-2011-5088"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-182-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5088"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5088"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/45847/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49406/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49406"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/242"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://www.iconics.com/certs"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45847/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "BID",
"id": "79756"
},
{
"db": "BID",
"id": "49406"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "PACKETSTORM",
"id": "104702"
},
{
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-547"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "BID",
"id": "79756"
},
{
"db": "BID",
"id": "49406"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"db": "PACKETSTORM",
"id": "104702"
},
{
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-547"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-05T00:00:00",
"db": "IVD",
"id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
},
{
"date": "2011-09-05T00:00:00",
"db": "IVD",
"id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
},
{
"date": "2012-04-19T00:00:00",
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-02T00:00:00",
"db": "IVD",
"id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"date": "2012-04-18T00:00:00",
"db": "BID",
"id": "79756"
},
{
"date": "2011-09-01T00:00:00",
"db": "BID",
"id": "49406"
},
{
"date": "2012-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"date": "2011-09-01T03:53:12",
"db": "PACKETSTORM",
"id": "104702"
},
{
"date": "2012-04-18T17:55:01.167000",
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-547"
},
{
"date": "2012-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3478"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"date": "2012-04-18T00:00:00",
"db": "BID",
"id": "79756"
},
{
"date": "2015-03-19T08:52:00",
"db": "BID",
"id": "49406"
},
{
"date": "2012-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005040"
},
{
"date": "2012-04-19T04:00:00",
"db": "NVD",
"id": "CVE-2011-5088"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-547"
},
{
"date": "2012-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-547"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS IcoSetServer ActiveX Control Trusted Space Any Domain Name Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6116"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-547"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design error",
"sources": [
{
"db": "IVD",
"id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "49406"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-417"
}
],
"trust": 1.1
}
}
VAR-201604-0062
Vulnerability from variot - Updated: 2023-12-18 12:44Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. ICONICS WebHMI is a set of real-time automation software using a web browser in the HMI/SCADA suite. ICONICS WebHMI is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. WebHMI 9 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webhmi",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "9.0"
},
{
"model": "webhmi",
"scope": "lte",
"trust": 0.8,
"vendor": "iconics",
"version": "9"
},
{
"model": "webhmi",
"scope": "lte",
"trust": 0.6,
"vendor": "iconics",
"version": "\u003c=9"
},
{
"model": "webhmi",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webhmi",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:webhmi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "85765"
}
],
"trust": 0.3
},
"cve": "CVE-2016-2289",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2289",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01984",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5a98e534-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2289",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2289",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01984",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-457",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. ICONICS WebHMI is a set of real-time automation software using a web browser in the HMI/SCADA suite. ICONICS WebHMI is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. \nWebHMI 9 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "BID",
"id": "85765"
},
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2289",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-091-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-01984",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932",
"trust": 0.8
},
{
"db": "BID",
"id": "85765",
"trust": 0.3
},
{
"db": "IVD",
"id": "5A98E534-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "BID",
"id": "85765"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"id": "VAR-201604-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
}
]
},
"last_update_date": "2023-12-18T12:44:55.663000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WebHMI",
"trust": 0.8,
"url": "http://www.iconics.com/home/products/web-solutions/webhmi.aspx"
},
{
"title": "ICONICS WebHMI Directory Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/73575"
},
{
"title": "ICONICS WebHMI Fixes for directory traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60737"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "NVD",
"id": "CVE-2016-2289"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-091-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2289"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2289"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "BID",
"id": "85765"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "BID",
"id": "85765"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-05T00:00:00",
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"date": "2016-03-31T00:00:00",
"db": "BID",
"id": "85765"
},
{
"date": "2016-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"date": "2016-04-01T23:59:00.117000",
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"date": "2016-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"date": "2016-03-31T00:00:00",
"db": "BID",
"id": "85765"
},
{
"date": "2016-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001932"
},
{
"date": "2016-04-04T15:59:45.133000",
"db": "NVD",
"id": "CVE-2016-2289"
},
{
"date": "2016-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS WebHMI Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01984"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "5a98e534-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-457"
}
],
"trust": 0.8
}
}
VAR-202007-0206
Vulnerability from variot - Updated: 2023-12-18 12:35A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34371",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12009",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12009",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-12009",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-34371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12009",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-20-777",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34371",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10272",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "D97CB3A1-CB5E-4BB3-B9B8-62A73DD1F132",
"trust": 0.2
},
{
"db": "IVD",
"id": "2AEA7BB9-A918-4CCF-A751-B9794DF3809B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
]
},
"id": "VAR-202007-0206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
}
]
},
"last_update_date": "2023-12-18T12:35:28.353000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/222935"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-777/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"date": "2020-07-16T20:15:11.057000",
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"date": "2020-07-29T13:53:26.653000",
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
],
"trust": 1.0
}
}
VAR-202007-0207
Vulnerability from variot - Updated: 2023-12-18 12:35A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2020-34373",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "2e91579b-642f-4242-83f1-d1d890cc5345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "213f4b05-e0a3-4f65-b456-b752579d9402",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12011",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12011",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-12011",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34373",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1210",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12011",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-20-778",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34373",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10274",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "2E91579B-642F-4242-83F1-D1D890CC5345",
"trust": 0.2
},
{
"db": "IVD",
"id": "213F4B05-E0A3-4F65-B456-B752579D9402",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
]
},
"id": "VAR-202007-0207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
}
]
},
"last_update_date": "2023-12-18T12:35:28.320000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/222929"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-778/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12011"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"date": "2020-07-16T19:15:11.830000",
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"date": "2020-07-29T13:55:13.330000",
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
],
"trust": 1.0
}
}
VAR-202007-0208
Vulnerability from variot - Updated: 2023-12-18 12:35A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "bizviz",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "energy analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "genesis 64",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "mobilehmi",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "quality analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "mc works",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "64"
},
{
"model": "mc works 32",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008308",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34372",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008308",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12015",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12015",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008308",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-12015",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12015",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-780",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34372",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95379131",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10297",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
"trust": 0.2
},
{
"db": "IVD",
"id": "31AD87C7-757E-410A-89C6-906CC763B446",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
]
},
"id": "VAR-202007-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
}
]
},
"last_update_date": "2023-12-18T12:35:28.279000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://iconics.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/"
},
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/222933"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 2.3,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95379131/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"date": "2020-07-16T22:15:11.493000",
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"date": "2020-07-22T17:39:48.070000",
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"date": "2020-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unreliable data deserialization vulnerabilities in multiple MC products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
],
"trust": 1.0
}
}
VAR-202007-0205
Vulnerability from variot - Updated: 2023-12-18 12:35A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yehuda Anikster of Claroty Research",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-776"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34369",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12007",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12007",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12007",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-12007",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-34369",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1227",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12007",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12007",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-776",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34369",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10267",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "B28667EE-4B0F-4654-BD4F-FBB2C24C795A",
"trust": 0.2
},
{
"db": "IVD",
"id": "36556B9E-B308-4C4F-A8AF-5FCE9F89C31B",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-12007",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
]
},
"id": "VAR-202007-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
],
"trust": 1.736598425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
]
},
"last_update_date": "2023-12-18T12:35:28.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/222941"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2c"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12007"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-776/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183626"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"date": "2020-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"date": "2020-07-16T22:15:11.337000",
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"date": "2020-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"date": "2023-11-07T03:15:18.663000",
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MC Works64 Code Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
],
"trust": 1.0
}
}
VAR-202007-1433
Vulnerability from variot - Updated: 2023-12-18 12:35A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process.
There is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works64",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.95.208.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben McBride",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12013",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34370",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12013",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12013",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-12013",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34370",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1207",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process. \n\r\n\r\nThere is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12013",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-20-779",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34370",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10288",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "619034F0-2A16-43EB-8D34-F889BD91A2AF",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2B262E1-E8A9-471A-A771-486F23CD118B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
]
},
"id": "VAR-202007-1433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
}
]
},
"last_update_date": "2023-12-18T12:35:28.209000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/222939"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-779/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12013"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"date": "2020-07-16T22:15:11.417000",
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"date": "2021-11-04T17:39:53.020000",
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
],
"trust": 0.6
}
}