Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    97 vulnerabilities by iconics

    CVE-2024-9852 (GCVE-0-2024-9852)

    Vulnerability from nvd – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:39:20.927830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:43:35.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:38:42.201Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-9852",
        "datePublished": "2024-11-28T22:20:28.303Z",
        "dateReserved": "2024-10-11T01:20:49.722Z",
        "dateUpdated": "2026-04-08T13:38:42.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8300 (GCVE-0-2024-8300)

    Vulnerability from nvd – Published: 2024-11-28 22:18 – Updated: 2026-01-09 07:52
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite
    Summary
    Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    iconics genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:50:37.535229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:53:27.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-561",
                  "description": "CWE-561 Dead Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T07:52:13.107Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8300",
        "datePublished": "2024-11-28T22:18:28.358Z",
        "dateReserved": "2024-08-29T06:26:41.397Z",
        "dateUpdated": "2026-01-09T07:52:13.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8299 (GCVE-0-2024-8299)

    Vulnerability from nvd – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T16:37:52.677330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T16:40:42.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:35:35.670Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8299",
        "datePublished": "2024-11-28T22:16:31.396Z",
        "dateReserved": "2024-08-29T06:26:34.979Z",
        "dateUpdated": "2026-04-08T13:35:35.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7587 (GCVE-0-2024-7587)

    Vulnerability from nvd – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46
    VLAI
    Title
    Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
    Summary
    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "10.97.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:49.960141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:50:04.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:46:11.126Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95548104"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-7587",
        "datePublished": "2024-10-22T22:19:20.646Z",
        "dateReserved": "2024-08-07T08:06:04.877Z",
        "dateUpdated": "2026-01-09T05:46:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1574 (GCVE-0-2024-1574)

    Vulnerability from nvd – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
    VLAI
    Summary
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:44:19.238774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:45:36.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:31:05.753Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1574",
        "datePublished": "2024-07-04T09:02:35.260Z",
        "dateReserved": "2024-02-16T01:30:45.960Z",
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1573 (GCVE-0-2024-1573)

    Vulnerability from nvd – Published: 2024-07-04 08:59 – Updated: 2026-04-13 22:47
    VLAI
    Summary
    Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) "Automatic log in" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:46:51.356597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:46:55.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T22:47:17.575Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1573",
        "datePublished": "2024-07-04T08:59:44.079Z",
        "dateReserved": "2024-02-16T01:30:41.285Z",
        "dateUpdated": "2026-04-13T22:47:17.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1182 (GCVE-0-2024-1182)

    Vulnerability from nvd – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28
    VLAI
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:23:47.078975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:25:49.496Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:28:11.189Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1182",
        "datePublished": "2024-07-04T08:53:41.217Z",
        "dateReserved": "2024-02-02T00:20:48.886Z",
        "dateUpdated": "2026-04-08T13:28:11.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9852 (GCVE-0-2024-9852)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:20 – Updated: 2026-04-08 13:38
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.3 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric genesis64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , < * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:39:20.927830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:43:35.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:38:42.201Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-9852",
        "datePublished": "2024-11-28T22:20:28.303Z",
        "dateReserved": "2024-10-11T01:20:49.722Z",
        "dateUpdated": "2026-04-08T13:38:42.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8300 (GCVE-0-2024-8300)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:18 – Updated: 2026-01-09 07:52
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite
    Summary
    Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Corporation GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: Version 10.97.2
    Affected: Version 10.97.2 CFR1
    Affected: Version 10.97.2 CRF2
    Affected: Version 10.97.3
    Create a notification for this product.
    iconics genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric genesis64 Affected: 10.97.2
    Affected: 10.97.2cfr1
    Affected: 10.97.2cfr2
    Affected: 10.97.3
        cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "genesis64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.97.2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr1"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.2cfr2"
                  },
                  {
                    "status": "affected",
                    "version": "10.97.3"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T18:50:37.535229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T18:53:27.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 10.97.2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CFR1"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.2 CRF2"
                },
                {
                  "status": "affected",
                  "version": "Version 10.97.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-561",
                  "description": "CWE-561 Dead Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T07:52:13.107Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8300",
        "datePublished": "2024-11-28T22:18:28.358Z",
        "dateReserved": "2024-08-29T06:26:41.397Z",
        "dateUpdated": "2026-01-09T07:52:13.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8299 (GCVE-0-2024-8299)

    Vulnerability from cvelistv5 – Published: 2024-11-28 22:16 – Updated: 2026-04-08 13:35
    VLAI
    Title
    Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Credits
    Asher Davila of Palo Alto Networks Malav Vyas of Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T16:37:52.677330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T16:40:42.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asher Davila of Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Malav Vyas of Palo Alto Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:35:35.670Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU93891820"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious Code Execution Vulnerability in GENESIS64, ICONICS Suite, Hyper Historian, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-8299",
        "datePublished": "2024-11-28T22:16:31.396Z",
        "dateReserved": "2024-08-29T06:26:34.979Z",
        "dateUpdated": "2026-04-08T13:35:35.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7587 (GCVE-0-2024-7587)

    Vulnerability from cvelistv5 – Published: 2024-10-22 22:19 – Updated: 2026-01-09 05:46
    VLAI
    Title
    Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32
    Summary
    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "10.97.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:49.960141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:50:04.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 9.70.300.23 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
                }
              ],
              "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Information Tampering and Denial of Service (DoS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T05:46:11.126Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU95548104"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64, ICONICS Suite, MC Works64, and GENESIS32",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-7587",
        "datePublished": "2024-10-22T22:19:20.646Z",
        "dateReserved": "2024-08-07T08:06:04.877Z",
        "dateUpdated": "2026-01-09T05:46:11.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1574 (GCVE-0-2024-1574)

    Vulnerability from cvelistv5 – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
    VLAI
    Summary
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:44:19.238774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:45:36.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BizViz",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:31:05.753Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1574",
        "datePublished": "2024-07-04T09:02:35.260Z",
        "dateReserved": "2024-02-16T01:30:45.960Z",
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1573 (GCVE-0-2024-1573)

    Vulnerability from cvelistv5 – Published: 2024-07-04 08:59 – Updated: 2026-04-13 22:47
    VLAI
    Summary
    Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) "Automatic log in" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
    Create a notification for this product.
    Mitsubishi Electric Iconics Digital Solutions IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Corporation IoTWorX Affected: version 10.95
    Create a notification for this product.
    Mitsubishi Electric Corporation MC Works64 Affected: all versions
    Create a notification for this product.
    iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
        cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
    Create a notification for this product.
    mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThan": "10.97.92",
                    "status": "affected",
                    "version": "10.97",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T14:46:51.356597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T14:46:55.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AnalytiX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MobileHMI",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 10.97.2 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IoTWorX",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.95"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, and Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95 allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting (2) \"Automatic log in\" option is enabled in the security setting (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64, ICONCIS Suite, and MC Works64 Security and has permission to log in."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T22:47:17.575Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1573",
        "datePublished": "2024-07-04T08:59:44.079Z",
        "dateReserved": "2024-02-16T01:30:41.285Z",
        "dateUpdated": "2026-04-13T22:47:17.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1182 (GCVE-0-2024-1182)

    Vulnerability from cvelistv5 – Published: 2024-07-04 08:53 – Updated: 2026-04-08 13:28
    VLAI
    Summary
    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU98894016/"
              },
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "genesis64",
                "vendor": "iconics",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mc_works64",
                "vendor": "mitsubishielectric",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:23:47.078975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:25:49.496Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICONICS Suite",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hyper Historian",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.97.3 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Iconics Digital Solutions",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GENESIS32",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 9.7 and prior"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC Works64",
              "vendor": "Mitsubishi Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Malicious Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:28:11.189Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://jvn.jp/vu/JVNVU98894016/"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2024-1182",
        "datePublished": "2024-07-04T08:53:41.217Z",
        "dateReserved": "2024-02-02T00:20:48.886Z",
        "dateUpdated": "2026-04-08T13:28:11.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6061 (GCVE-0-2023-6061)

    Vulnerability from cvelistv5 – Published: 2023-12-07 23:21 – Updated: 2024-12-12 22:56
    VLAI

    This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation's PSIRT.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2024-12-12T22:56:25.742Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation\u0027s PSIRT."
                }
              ],
              "value": "This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation\u0027s PSIRT."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2023-6061",
        "datePublished": "2023-12-07T23:21:22.755Z",
        "dateRejected": "2024-12-12T22:56:25.742Z",
        "dateReserved": "2023-11-09T18:55:45.555Z",
        "dateUpdated": "2024-12-12T22:56:25.742Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202201-0603

    Vulnerability from variot - Updated: 2024-02-13 22:46

    Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Mitsubishi Electric products and multiple ICONICS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan's Mitsubishi Electric (Mitsubishi Electric).

    A security vulnerability exists in Mitsubishi Electric MC Works64 that originates in the ICONICS and Mitsubishi Electric ICONICS product suites. The FrameWorX server in the Mitsubishi Electric MC Works64 product could allow an attacker to exploit the vulnerability to open a WebSocket endpoint (port 80 or 443) when bypassing GENESIS64 MC Works64 security. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0603",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mc works64",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.201.23"
          },
          {
            "model": "mc works64",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.210.01"
          },
          {
            "model": "mobilehmi",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.97"
          },
          {
            "model": "hyper historian",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.97"
          },
          {
            "model": "genesis64",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.97"
          },
          {
            "model": "hyper historian",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.95.3"
          },
          {
            "model": "genesis64",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.95.3"
          },
          {
            "model": "mobilehmi",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.95.3"
          },
          {
            "model": "analytix",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.95.3"
          },
          {
            "model": "analytix",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.97"
          },
          {
            "model": "hyper historian",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works64",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "4.00a (10.95.201.23)  to  4.04e (10.95.210.01)"
          },
          {
            "model": "mobilehmi",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis 64",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works64",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "10.95.201.23,\u003c=10.95.210.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:analytix:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.97",
                    "versionStartIncluding": "10.95.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.97",
                    "versionStartIncluding": "10.95.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.97",
                    "versionStartIncluding": "10.95.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.97",
                    "versionStartIncluding": "10.95.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.210.01",
                    "versionStartIncluding": "10.95.201.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23128",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2022-23128",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-08358",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23128",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-23128",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08358",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-1829",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23128",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Mitsubishi Electric products and multiple ICONICS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric). \n\r\n\r\nA security vulnerability exists in Mitsubishi Electric MC Works64 that originates in the ICONICS and Mitsubishi Electric ICONICS product suites. The FrameWorX server in the Mitsubishi Electric MC Works64 product could allow an attacker to exploit the vulnerability to open a WebSocket endpoint (port 80 or 443) when bypassing GENESIS64 MC Works64 security. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23128",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-020-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU95403720",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0311",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012108",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "id": "VAR-202201-0603",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:46:25.925000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page Mitsubishi Electric Mitsubishi\u00a0Electric\u00a0Corporation",
            "trust": 0.8,
            "url": "https://iconics.com/"
          },
          {
            "title": "Patch for Unknown Vulnerability in Mitsubishi Electric MC Works64",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/317671"
          },
          {
            "title": "Mitsubishi Electric MC Works64 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179152"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-rce "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/vu/jvnvu95403720/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23128"
          },
          {
            "trust": 1.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95403720/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0311"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012108"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "date": "2023-03-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "date": "2022-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          },
          {
            "date": "2022-01-21T19:15:09.977000",
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08358"
          },
          {
            "date": "2022-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23128"
          },
          {
            "date": "2023-03-10T03:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          },
          {
            "date": "2022-02-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          },
          {
            "date": "2022-01-27T20:20:33.137000",
            "db": "NVD",
            "id": "CVE-2022-23128"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric products and multiple \u00a0ICONICS\u00a0 Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003883"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1829"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0604

    Vulnerability from variot - Updated: 2024-02-13 22:46

    Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. Mitsubishi Electric MC Works64 , ICONICS GENESIS64 , ICONICS Hyper Historian Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan's Mitsubishi Electric (Mitsubishi Electric).

    Mitsubishi Electric MC Works64 has a security vulnerability that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a series of SQL commands in a GENESIS64 system or MC Works64 system, which can cause the SQL query engine to crash and cause SQL Server Disabled. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0604",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "genesis64",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.97"
          },
          {
            "model": "mc works64",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.201.23"
          },
          {
            "model": "mc works64",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.210.01"
          },
          {
            "model": "hyper historian",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.97"
          },
          {
            "model": "hyper historian",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works64",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "4.00a (10.95.201.23)  to  4.04e (10.95.210.01)"
          },
          {
            "model": "genesis 64",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works64 \u003c4.04e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(10.95.210.01)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.97",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.97",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.210.01",
                    "versionStartIncluding": "10.95.201.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23130",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-23130",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-08357",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-23130",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-23130",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08357",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-1789",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23130",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. Mitsubishi Electric MC Works64 , ICONICS GENESIS64 , ICONICS Hyper Historian Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric). \n\r\n\r\nMitsubishi Electric MC Works64 has a security vulnerability that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a series of SQL commands in a GENESIS64 system or MC Works64 system, which can cause the SQL query engine to crash and cause SQL Server Disabled. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23130",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-020-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU95403720",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0311",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012108",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "id": "VAR-202201-0604",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:46:25.869000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page Mitsubishi Electric Mitsubishi\u00a0Electric\u00a0Corporation",
            "trust": 0.8,
            "url": "https://iconics.com/"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/317666"
          },
          {
            "title": "Mitsubishi Electric MC Works64 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179833"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-rce "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/vu/jvnvu95403720/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23130"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95403720/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
          },
          {
            "trust": 0.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0311"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012108"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "date": "2023-03-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "date": "2022-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          },
          {
            "date": "2022-01-21T19:15:10.080000",
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08357"
          },
          {
            "date": "2022-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23130"
          },
          {
            "date": "2023-03-10T03:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          },
          {
            "date": "2022-02-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          },
          {
            "date": "2022-01-27T20:42:26.387000",
            "db": "NVD",
            "id": "CVE-2022-23130"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric products and multiple \u00a0ICONICS\u00a0 Product out-of-bounds read vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003878"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1789"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0605

    Vulnerability from variot - Updated: 2024-02-13 22:46

    Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. Mitsubishi Electric MC Works64 and ICONICS MobileHMI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. An attacker could exploit this vulnerability to execute JavaScript code on the client side

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0605",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mobilehmi",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "10.96.2"
          },
          {
            "model": "mc works64",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.210.01"
          },
          {
            "model": "mc works64",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "4.04e (10.95.210.01)  and earlier"
          },
          {
            "model": "mobilehmi",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works64",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "10.95.210.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.96.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.95.210.01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23127",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-23127",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-08219",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2022-23127",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-23127",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08219",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-1854",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23127",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. Mitsubishi Electric MC Works64 and ICONICS MobileHMI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. An attacker could exploit this vulnerability to execute JavaScript code on the client side",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23127",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-020-01",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU95403720",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0311",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012109",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "id": "VAR-202201-0605",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:46:25.837000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page Mitsubishi Electric Mitsubishi\u00a0Electric\u00a0Corporation",
            "trust": 0.8,
            "url": "https://iconics.com/"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/317286"
          },
          {
            "title": "Mitsubishi Electric MC Works64 Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179842"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-rce "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/vu/jvnvu95403720/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23127"
          },
          {
            "trust": 1.2,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95403720/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0311"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012109"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "date": "2023-03-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "date": "2022-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          },
          {
            "date": "2022-01-21T19:15:09.913000",
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "date": "2022-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23127"
          },
          {
            "date": "2023-03-10T03:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003885"
          },
          {
            "date": "2022-02-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          },
          {
            "date": "2022-01-27T20:03:06.297000",
            "db": "NVD",
            "id": "CVE-2022-23127"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1854"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201207-0139

    Vulnerability from variot - Updated: 2023-12-18 14:06

    The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. GENESIS32/BizViz is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 and BizViz are prone to a local authentication-bypass vulnerability. Successful exploits may lead to other attacks. Iconics GENESIS32 and BizViz versions 9.22 and prior are vulnerable. ----------------------------------------------------------------------

    We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi


    TITLE: ICONICS GENESIS32 / BizViz Privilege Escalation Vulnerability

    SECUNIA ADVISORY ID: SA50116

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50116/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50116

    RELEASE DATE: 2012-07-31

    DISCUSS ADVISORY: http://secunia.com/advisories/50116/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/50116/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=50116

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in ICONICS GENESIS32 and ICONICS BizViz, which can be exploited by malicious, local users to gain escalated privileges. This can be exploited to gain administrative access by predicting a challenge response.

    SOLUTION: Apply patches. Contact the vendor for further information.

    PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Dr. Wesley McGrew, Mississippi State University.

    ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0139",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "iconics",
            "version": "8.05"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "iconics",
            "version": "9.13"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "iconics",
            "version": "9.01"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "iconics",
            "version": "8.05"
          },
          {
            "model": "bizviz",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "genesis32",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.13"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.01"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.20"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.20"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "8.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "8.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.22",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.22",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. Wesley McGrew of Mississippi State University",
        "sources": [
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2012-3018",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2012-3018",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "91b22ac4-2353-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-3018",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201207-599",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "91b22ac4-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. GENESIS32/BizViz is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 and BizViz are prone to a local authentication-bypass vulnerability. Successful exploits may lead to other attacks. \nIconics GENESIS32 and BizViz versions 9.22 and prior are vulnerable. ----------------------------------------------------------------------\n\nWe are millions!  Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS GENESIS32 / BizViz Privilege Escalation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50116\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50116/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116\n\nRELEASE DATE:\n2012-07-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50116/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50116/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in ICONICS GENESIS32 and ICONICS\nBizViz, which can be exploited by malicious, local users to gain\nescalated privileges. This can be exploited to gain\nadministrative access by predicting a challenge response. \n\nSOLUTION:\nApply patches. Contact the vendor for further information. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Dr. Wesley McGrew, Mississippi State University. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "115131"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-3018",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-212-01",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "54732",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "50116",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "91B22AC4-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "115131",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "PACKETSTORM",
            "id": "115131"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "id": "VAR-201207-0139",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          }
        ],
        "trust": 1.4120857500000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:06:18.649000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CERT Security Update",
            "trust": 0.8,
            "url": "http://www.iconics.com/certs"
          },
          {
            "title": "Iconics GENESIS32/BizViz Local Verification Patch for Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/19400"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-212-01.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3018"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3018"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/50116"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/54732"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/home/products/hmi-and-scada/genesis32.aspx"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/psi"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50116/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50116/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "PACKETSTORM",
            "id": "115131"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "db": "PACKETSTORM",
            "id": "115131"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-08-01T00:00:00",
            "db": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2012-08-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "date": "2012-07-30T00:00:00",
            "db": "BID",
            "id": "54732"
          },
          {
            "date": "2012-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "date": "2012-07-31T03:57:42",
            "db": "PACKETSTORM",
            "id": "115131"
          },
          {
            "date": "2012-07-31T10:45:42.467000",
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "date": "2012-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-08-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-4039"
          },
          {
            "date": "2015-03-19T08:11:00",
            "db": "BID",
            "id": "54732"
          },
          {
            "date": "2012-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          },
          {
            "date": "2012-07-31T10:45:42.467000",
            "db": "NVD",
            "id": "CVE-2012-3018"
          },
          {
            "date": "2012-08-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "54732"
          },
          {
            "db": "PACKETSTORM",
            "id": "115131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS GENESIS32 and  BizViz Vulnerable to access restrictions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003431"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201207-599"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201402-0348

    Vulnerability from variot - Updated: 2023-12-18 14:06

    An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. GENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0348",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 3.3,
            "vendor": "iconics",
            "version": "8.05"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 3.3,
            "vendor": "iconics",
            "version": "8.0"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 3.3,
            "vendor": "iconics",
            "version": "8.02"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 3.3,
            "vendor": "iconics",
            "version": "8.04"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.20"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.13"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.01"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "8.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "8.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "8.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "8.05"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "BID",
            "id": "65706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NCCIC/ICS-CERT",
        "sources": [
          {
            "db": "BID",
            "id": "65706"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0758",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2014-0758",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2014-01214",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "33a69fba-2352-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-0758",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01214",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201402-351",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "33a69fba-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nGENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "BID",
            "id": "65706"
          },
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0758",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-051-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "65706",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "57034",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "33A69FBA-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "BID",
            "id": "65706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "id": "VAR-201402-0348",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          }
        ],
        "trust": 1.4315789
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:06:13.184000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GENESIS32",
            "trust": 0.8,
            "url": "http://www.iconics.com/home/products/hmi-scada-software-solutions/genesis32.aspx"
          },
          {
            "title": "Iconics GENESIS32 ActiveX Control Remote Code Execution Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/43839"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0758"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0758"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/57034"
          },
          {
            "trust": 0.3,
            "url": "http://iconics.com/home/products/hmi-scada-software-solutions/genesis32.aspx"
          },
          {
            "trust": 0.3,
            "url": "http://iconics.com/iconicswebsite/media/documents/support%20downloads/whitepaper_security_vulnerabilities_february_19_2014.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "BID",
            "id": "65706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "db": "BID",
            "id": "65706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-02-25T00:00:00",
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "BID",
            "id": "65706"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "date": "2014-02-24T04:48:10.193000",
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "date": "2014-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "BID",
            "id": "65706"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001458"
          },
          {
            "date": "2014-02-24T19:45:33.177000",
            "db": "NVD",
            "id": "CVE-2014-0758"
          },
          {
            "date": "2014-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Iconics GENESIS32 ActiveX Control Remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01214"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation",
        "sources": [
          {
            "db": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-351"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201105-0146

    Vulnerability from variot - Updated: 2023-12-18 14:02

    Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the 'GenVersion.dll' ActiveX control. Failed exploit attempts will result in a denial-of-service condition. "SetActiveXGUID()" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------

    Secunia is hiring!

    http://secunia.com/company/jobs/


    TITLE: ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability

    SECUNIA ADVISORY ID: SA44417

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44417

    RELEASE DATE: 2011-05-04

    DISCUSS ADVISORY: http://secunia.com/advisories/44417/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/44417/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=44417

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is confirmed in GenVersion.dll version 8.0.138.0. Other versions may also be affected.

    SOLUTION: Update to a fixed version. Contact the vendor for further information.

    PROVIDED AND/OR DISCOVERED BY: Scott Bell and Blair Strang, Security-Assessment.com

    ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0146",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.20"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.13"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.01"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.20"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.13"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.01"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "iconics",
            "version": "9.x"
          },
          {
            "model": "bizviz",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "genesis32",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "9.x"
          },
          {
            "model": "versioninfo activex control",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "8.x"
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "10.x"
          },
          {
            "model": "pacis sui rc7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.1"
          },
          {
            "model": "pacis sui rc6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.1"
          },
          {
            "model": "webhmi activex control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.21"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "iconics",
            "version": "9.x*"
          },
          {
            "model": "versioninfo activex control",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "iconics",
            "version": "8.x*"
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "iconics",
            "version": "10.x*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "db": "BID",
            "id": "47704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Bell \u0026 Blair Strang",
        "sources": [
          {
            "db": "BID",
            "id": "47704"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-2089",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2011-2089",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "f780befa-2354-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
                "impactScore": 7.8,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
                "version": "2.0 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-2089",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201105-169",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "f780befa-2354-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the \u0027GenVersion.dll\u0027 ActiveX control. Failed exploit attempts will result in a denial-of-service condition. \"SetActiveXGUID()\" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44417\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44417/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44417/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44417/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in ICONICS VersionInfo ActiveX\ncontrol, which can be exploited by malicious people to compromise a\nuser\u0027s system. \n\nThe vulnerability is confirmed in GenVersion.dll version 8.0.138.0. \nOther versions may also be affected. \n\nSOLUTION:\nUpdate to a fixed version. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nScott Bell and Blair Strang, Security-Assessment.com\n\nORIGINAL ADVISORY:\nhttp://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "db": "BID",
            "id": "47704"
          },
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "101133"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "44417",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "47704",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-11-131-01",
            "trust": 2.4
          },
          {
            "db": "OSVDB",
            "id": "72135",
            "trust": 2.4
          },
          {
            "db": "EXPLOIT-DB",
            "id": "17269",
            "trust": 1.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "17240",
            "trust": 1.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-1174",
            "trust": 1.6
          },
          {
            "db": "XF",
            "id": "67267",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "F780BEFA-2354-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "30D8DBBE-1F96-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "101133",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "db": "BID",
            "id": "47704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "PACKETSTORM",
            "id": "101133"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "id": "VAR-201105-0146",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          }
        ],
        "trust": 1.7413905
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:02:12.822000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Hot Fixes",
            "trust": 0.8,
            "url": "http://www.iconics.com/home/support/hot-fixes.aspx"
          },
          {
            "title": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/3787"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-131-01.pdf"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/44417"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/47704"
          },
          {
            "trust": 2.0,
            "url": "http://www.security-assessment.com/files/documents/advisory/iconics_webhmi.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://www.exploit-db.com/exploits/17240"
          },
          {
            "trust": 1.6,
            "url": "http://www.exploit-db.com/exploits/17269"
          },
          {
            "trust": 1.6,
            "url": "http://www.osvdb.org/72135"
          },
          {
            "trust": 1.6,
            "url": "http://www.vupen.com/english/advisories/2011/1174"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/67267"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2089"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2089"
          },
          {
            "trust": 0.8,
            "url": "http://osvdb.org/72135"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/44417/http"
          },
          {
            "trust": 0.3,
            "url": "http://download.schneider-electric.com/files?p_file_id=320329939"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44417/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/company/jobs/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44417/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "db": "BID",
            "id": "47704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "PACKETSTORM",
            "id": "101133"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "db": "BID",
            "id": "47704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "db": "PACKETSTORM",
            "id": "101133"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-05-16T00:00:00",
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-05-05T00:00:00",
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-05-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "date": "2011-05-03T00:00:00",
            "db": "BID",
            "id": "47704"
          },
          {
            "date": "2011-06-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "date": "2011-05-05T06:57:34",
            "db": "PACKETSTORM",
            "id": "101133"
          },
          {
            "date": "2011-05-13T17:05:45.643000",
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "date": "2011-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-05-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          },
          {
            "date": "2015-04-13T21:01:00",
            "db": "BID",
            "id": "47704"
          },
          {
            "date": "2011-06-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001794"
          },
          {
            "date": "2017-08-29T01:29:16.080000",
            "db": "NVD",
            "id": "CVE-2011-2089"
          },
          {
            "date": "2011-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-169"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-200612-0248

    Vulnerability from variot - Updated: 2023-12-18 13:54

    Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. ICONICS is a professional company that provides OPC-based visualization software. Failed attempts can crash the host application. Versions prior to DlgWrapper.dll 8.4.166.0 are affected.


    Secunia is proud to announce the availability of the Secunia Software Inspector.

    The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. visits a malicious website.

    The vulnerability is confirmed in ICONICS Vessel ActiveX 8.02.140 including DlgWrapper.dll 8.0.138.0.

    SOLUTION: Update to DlgWrapper.dll 8.4.166.0 by applying the hotfix: http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip

    PROVIDED AND/OR DISCOVERED BY: Will Dormann

    ORIGINAL ADVISORY: US-CERT VU#251969: http://www.kb.cert.org/vuls/id/251969


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0248",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dialog wrapper module activex control",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "8.4.165.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "dialog wrapper module activex control",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "iconics",
            "version": "8.4.166.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "none",
            "version": null
          },
          {
            "model": "dialog wrapper module activex control",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "8.4.165.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dialog wrapper module activex control",
            "version": "*"
          },
          {
            "model": "vessel/gauge/switch activex control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "8.02.140.0"
          },
          {
            "model": "dlgwrapper.dll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "8.0.138.0"
          },
          {
            "model": "dialog wrapper module activex control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "0"
          },
          {
            "model": "dlgwrapper.dll",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "8.4.166.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          },
          {
            "db": "BID",
            "id": "21849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:dialog_wrapper_module_activex_control:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.4.165.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Will Dormann",
        "sources": [
          {
            "db": "BID",
            "id": "21849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2006-6488",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2006-6488",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "98456900-2353-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6488",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#251969",
                "trust": 0.8,
                "value": "9.23"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-721",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "98456900-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. ICONICS is a professional company that provides OPC-based visualization software. Failed attempts can crash the host application. \nVersions prior to DlgWrapper.dll 8.4.166.0 are affected. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. visits a malicious website. \n\nThe vulnerability is confirmed in ICONICS Vessel ActiveX 8.02.140\nincluding DlgWrapper.dll 8.0.138.0. \n\nSOLUTION:\nUpdate to DlgWrapper.dll 8.4.166.0 by applying the hotfix:\nhttp://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip\n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann\n\nORIGINAL ADVISORY:\nUS-CERT VU#251969:\nhttp://www.kb.cert.org/vuls/id/251969\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          },
          {
            "db": "BID",
            "id": "21849"
          },
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "PACKETSTORM",
            "id": "53382"
          }
        ],
        "trust": 3.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6488",
            "trust": 3.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#251969",
            "trust": 3.3
          },
          {
            "db": "SECUNIA",
            "id": "23583",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "21849",
            "trust": 1.9
          },
          {
            "db": "OSVDB",
            "id": "32552",
            "trust": 1.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0025",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "6570",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "31228",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "9823",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "98456900-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D7D7A13-463F-11E9-A5CB-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "53382",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          },
          {
            "db": "BID",
            "id": "21849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "db": "PACKETSTORM",
            "id": "53382"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "id": "VAR-200612-0248",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          }
        ],
        "trust": 0.1
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:54:06.057000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.iconics.com/home.aspx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.kb.cert.org/vuls/id/251969"
          },
          {
            "trust": 1.6,
            "url": "http://osvdb.org/32552"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23583"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/21849"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0025"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31228"
          },
          {
            "trust": 0.9,
            "url": "http://www.iconics.com/support/free_tools/freetoolsactivex_dlgwrapperhotfix.zip"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/23583/"
          },
          {
            "trust": 0.8,
            "url": "http://www.iconics.com/support/free_tools.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.iconics.com/support/readme_file.asp?file=195"
          },
          {
            "trust": 0.8,
            "url": "http://www.digitalmunition.com/iconics_dlgwrapper.rb"
          },
          {
            "trust": 0.8,
            "url": "http://www.milw0rm.com/exploits/6570"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6488"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6488"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/0025"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/31228"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/9823"
          },
          {
            "trust": 0.3,
            "url": "http://carnal0wnage.blogspot.com/2008/10/malware-targeting-industrial-control.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/software_inspector/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/13097/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/13096/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/13098/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "db": "BID",
            "id": "21849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "db": "PACKETSTORM",
            "id": "53382"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          },
          {
            "db": "BID",
            "id": "21849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "db": "PACKETSTORM",
            "id": "53382"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-01-02T00:00:00",
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2007-01-02T00:00:00",
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "date": "2007-01-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "date": "2007-01-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          },
          {
            "date": "2007-01-02T00:00:00",
            "db": "BID",
            "id": "21849"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "date": "2007-01-03T23:45:45",
            "db": "PACKETSTORM",
            "id": "53382"
          },
          {
            "date": "2006-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "date": "2006-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-10-29T00:00:00",
            "db": "CERT/CC",
            "id": "VU#251969"
          },
          {
            "date": "2007-01-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          },
          {
            "date": "2015-03-19T09:49:00",
            "db": "BID",
            "id": "21849"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002556"
          },
          {
            "date": "2017-07-29T01:29:33.607000",
            "db": "NVD",
            "id": "CVE-2006-6488"
          },
          {
            "date": "2007-01-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-0011"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "98456900-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-721"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201204-0058

    Vulnerability from variot - Updated: 2023-12-18 13:15

    Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0058",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "8.05"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "9.2"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "9.1"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "iconics",
            "version": "8.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "8.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "8.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.2"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "57146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios and Terry McCorkle",
        "sources": [
          {
            "db": "BID",
            "id": "57146"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-5089",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2011-5089",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "f069156e-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-5089",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201204-418",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "f069156e-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "BID",
            "id": "57146"
          },
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-5089",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-11-182-02",
            "trust": 2.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "57146",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "F069156E-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "57146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "id": "VAR-201204-0058",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 0.81208575
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:15:04.773000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CERT Security Update",
            "trust": 0.8,
            "url": "http://www.iconics.com/certs"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-182-02.pdf"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5089"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5089"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "57146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "57146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-04-19T00:00:00",
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-07-01T00:00:00",
            "db": "BID",
            "id": "57146"
          },
          {
            "date": "2012-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "date": "2012-04-18T17:55:01.213000",
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "date": "2012-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-19T08:32:00",
            "db": "BID",
            "id": "57146"
          },
          {
            "date": "2012-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005041"
          },
          {
            "date": "2017-08-29T01:30:40.757000",
            "db": "NVD",
            "id": "CVE-2011-5089"
          },
          {
            "date": "2012-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS GENESIS32 Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-418"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201204-0057

    Vulnerability from variot - Updated: 2023-12-18 12:52

    The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability.". ICONICS is a company specializing in providing OPC-based visualization software. GENESIS32 is prone to a remote security vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. This may potentially allow for the execution of arbitrary code. ----------------------------------------------------------------------

    The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242


    TITLE: ICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation

    SECUNIA ADVISORY ID: SA45847

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45847

    RELEASE DATE: 2011-09-02

    DISCUSS ADVISORY: http://secunia.com/advisories/45847/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/45847/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=45847

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in the ICONICS IcoSetServer ActiveX Control, which can be exploited by malicious people to manipulate certain data.

    The vulnerability is reported in version 9.21. Other versions may also be affected.

    SOLUTION: Apply patch or update to version 9.22.

    PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT.

    ORIGINAL ADVISORY: ICONICS: http://www.iconics.com/certs

    ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0057",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 3.8,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 3.6,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": "icosetserver activex control",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "9.21"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.21.201.01"
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "0"
          },
          {
            "model": "genesis32",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": "bizviz",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iconics",
            "version": "9.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bizviz",
            "version": "9.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "genesis32",
            "version": "9.21"
          },
          {
            "model": "icosetserver activex control",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "iconics",
            "version": "9.21*"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "iconics",
            "version": "9.21*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "BID",
            "id": "79756"
          },
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios and Terry McCorkle",
        "sources": [
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2011-5088",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2011-5088",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2011-6116",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "f06efdd0-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d",
                "impactScore": 7.8,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
                "version": "2.0 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-5088",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2011-6116",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201204-417",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "f06efdd0-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\". ICONICS is a company specializing in providing OPC-based visualization software. GENESIS32 is prone to a remote security vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. This may potentially allow for the execution of arbitrary code. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation\n\nSECUNIA ADVISORY ID:\nSA45847\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45847/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847\n\nRELEASE DATE:\n2011-09-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45847/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45847/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in the ICONICS IcoSetServer ActiveX\nControl, which can be exploited by malicious people to manipulate\ncertain data. \n\nThe vulnerability is reported in version 9.21. Other versions may\nalso be affected. \n\nSOLUTION:\nApply patch or update to version 9.22. \n\nPROVIDED AND/OR DISCOVERED BY:\nBilly Rios and Terry McCorkle via ICS-CERT. \n\nORIGINAL ADVISORY:\nICONICS:\nhttp://www.iconics.com/certs\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "BID",
            "id": "79756"
          },
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "104702"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-11-182-01",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "49406",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "45847",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "79756",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "7D7C4190-463F-11E9-B3F2-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "0347C63A-1F8A-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "F06EFDD0-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "56E4B816-1F8A-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "104702",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "BID",
            "id": "79756"
          },
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "PACKETSTORM",
            "id": "104702"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "id": "VAR-201204-0057",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          }
        ],
        "trust": 2.7413905
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 2.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:52:18.634000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CERT Security Update",
            "trust": 0.8,
            "url": "http://www.iconics.com/certs"
          },
          {
            "title": "\\302\\240ICONICS IcoSetServer ActiveX Control Trust Domain Policy Operation Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/4983"
          },
          {
            "title": "ICONICS IcoSetServer ActiveX Control Trusted Space Any Domain Name Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/36330"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-182-01.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5088"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5088"
          },
          {
            "trust": 0.7,
            "url": "http://secunia.com/advisories/45847/"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/49406/"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/49406"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/242"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://www.iconics.com/certs"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/45847/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "BID",
            "id": "79756"
          },
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "PACKETSTORM",
            "id": "104702"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "BID",
            "id": "79756"
          },
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "db": "PACKETSTORM",
            "id": "104702"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-09-05T00:00:00",
            "db": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
          },
          {
            "date": "2011-09-05T00:00:00",
            "db": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2012-04-19T00:00:00",
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-09-02T00:00:00",
            "db": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "date": "2011-09-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "date": "2012-04-18T00:00:00",
            "db": "BID",
            "id": "79756"
          },
          {
            "date": "2011-09-01T00:00:00",
            "db": "BID",
            "id": "49406"
          },
          {
            "date": "2012-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "date": "2011-09-01T03:53:12",
            "db": "PACKETSTORM",
            "id": "104702"
          },
          {
            "date": "2012-04-18T17:55:01.167000",
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          },
          {
            "date": "2012-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-3478"
          },
          {
            "date": "2011-09-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "date": "2012-04-18T00:00:00",
            "db": "BID",
            "id": "79756"
          },
          {
            "date": "2015-03-19T08:52:00",
            "db": "BID",
            "id": "49406"
          },
          {
            "date": "2012-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005040"
          },
          {
            "date": "2012-04-19T04:00:00",
            "db": "NVD",
            "id": "CVE-2011-5088"
          },
          {
            "date": "2011-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          },
          {
            "date": "2012-05-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS IcoSetServer ActiveX Control Trusted Space Any Domain Name Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-6116"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-547"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design error",
        "sources": [
          {
            "db": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "49406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-417"
          }
        ],
        "trust": 1.1
      }
    }

    VAR-201604-0062

    Vulnerability from variot - Updated: 2023-12-18 12:44

    Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. ICONICS WebHMI is a set of real-time automation software using a web browser in the HMI/SCADA suite. ICONICS WebHMI is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. WebHMI 9 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0062",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "webhmi",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": "webhmi",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "iconics",
            "version": "9"
          },
          {
            "model": "webhmi",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "\u003c=9"
          },
          {
            "model": "webhmi",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iconics",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "webhmi",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:webhmi:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp",
        "sources": [
          {
            "db": "BID",
            "id": "85765"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-2289",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-2289",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-01984",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "5a98e534-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-2289",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2289",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01984",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201603-457",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "5a98e534-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. ICONICS WebHMI is a set of real-time automation software using a web browser in the HMI/SCADA suite. ICONICS WebHMI is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. \nWebHMI 9 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "BID",
            "id": "85765"
          },
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2289",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-091-01",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "85765",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "5A98E534-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "BID",
            "id": "85765"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "id": "VAR-201604-0062",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          }
        ],
        "trust": 1.425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:44:55.663000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "WebHMI",
            "trust": 0.8,
            "url": "http://www.iconics.com/home/products/web-solutions/webhmi.aspx"
          },
          {
            "title": "ICONICS WebHMI Directory Traversal Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/73575"
          },
          {
            "title": "ICONICS WebHMI Fixes for directory traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60737"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-091-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2289"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2289"
          },
          {
            "trust": 0.3,
            "url": "http://www.iconics.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "BID",
            "id": "85765"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "BID",
            "id": "85765"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-05T00:00:00",
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "date": "2016-03-31T00:00:00",
            "db": "BID",
            "id": "85765"
          },
          {
            "date": "2016-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "date": "2016-04-01T23:59:00.117000",
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "date": "2016-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "date": "2016-03-31T00:00:00",
            "db": "BID",
            "id": "85765"
          },
          {
            "date": "2016-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-001932"
          },
          {
            "date": "2016-04-04T15:59:45.133000",
            "db": "NVD",
            "id": "CVE-2016-2289"
          },
          {
            "date": "2016-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS WebHMI Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "5a98e534-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-457"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202007-0206

    Vulnerability from variot - Updated: 2023-12-18 12:35

    A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0206",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.208.31",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12009",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34371",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-12009",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12009",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12009",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34371",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1208",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10272",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "D97CB3A1-CB5E-4BB3-B9B8-62A73DD1F132",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "2AEA7BB9-A918-4CCF-A751-B9794DF3809B",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ]
      },
      "id": "VAR-202007-0206",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:35:28.353000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/222935"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-777/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12009"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "date": "2020-07-16T20:15:11.057000",
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "date": "2020-07-29T13:53:26.653000",
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-0207

    Vulnerability from variot - Updated: 2023-12-18 12:35

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.208.31",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12011",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2020-34373",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "2e91579b-642f-4242-83f1-d1d890cc5345",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "213f4b05-e0a3-4f65-b456-b752579d9402",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12011",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12011",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12011",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34373",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1210",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "2e91579b-642f-4242-83f1-d1d890cc5345",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "213f4b05-e0a3-4f65-b456-b752579d9402",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64.  Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10274",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "2E91579B-642F-4242-83F1-D1D890CC5345",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "213F4B05-E0A3-4F65-B456-B752579D9402",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ]
      },
      "id": "VAR-202007-0207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:35:28.320000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/222929"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-778/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12011"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "date": "2020-07-16T19:15:11.830000",
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "date": "2020-07-29T13:55:13.330000",
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-0208

    Vulnerability from variot - Updated: 2023-12-18 12:35

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0208",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "bizviz",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "energy analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis 64",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mobilehmi",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "quality analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "64"
          },
          {
            "model": "mc works 32",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.208.31",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12015",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008308",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34372",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "31ad87c7-757e-410a-89c6-906cc763b446",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008308",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12015",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12015",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008308",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12015",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34372",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1209",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "31ad87c7-757e-410a-89c6-906cc763b446",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64.  Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95379131",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10297",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "31AD87C7-757E-410A-89C6-906CC763B446",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ]
      },
      "id": "VAR-202007-0208",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:35:28.279000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://iconics.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/"
          },
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/222933"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95379131/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "date": "2020-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "date": "2020-07-16T22:15:11.493000",
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "date": "2020-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "date": "2020-07-22T17:39:48.070000",
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "date": "2020-07-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unreliable data deserialization vulnerabilities in multiple MC products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-0205

    Vulnerability from variot - Updated: 2023-12-18 12:35

    A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.208.31",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yehuda Anikster of Claroty Research",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12007",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34369",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12007",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12007",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12007",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12007",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34369",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1227",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12007",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10267",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "B28667EE-4B0F-4654-BD4F-FBB2C24C795A",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "36556B9E-B308-4C4F-A8AF-5FCE9F89C31B",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ]
      },
      "id": "VAR-202007-0205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ],
        "trust": 1.736598425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:35:28.241000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/222941"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2c"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12007"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-776/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/502.html"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183626"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "date": "2020-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "date": "2020-07-16T22:15:11.337000",
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "date": "2023-11-07T03:15:18.663000",
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MC Works64 Code Issue Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-1433

    Vulnerability from variot - Updated: 2023-12-18 12:35

    A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process.

    There is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1433",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works64",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.95.208.31",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ben McBride",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12013",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34370",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12013",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12013",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12013",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34370",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1207",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process. \n\r\n\r\nThere is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10288",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "619034F0-2A16-43EB-8D34-F889BD91A2AF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E2B262E1-E8A9-471A-A771-486F23CD118B",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ]
      },
      "id": "VAR-202007-1433",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:35:28.209000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/222939"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-779/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12013"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "date": "2020-07-16T22:15:11.417000",
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "date": "2021-11-04T17:39:53.020000",
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "date": "2021-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ],
        "trust": 0.6
      }
    }