Details of VAR-202007-0206

ID

VAR-202007-0206

CVE

CVE-2020-12009

TITLE

(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-777

DESCRIPTION

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

Trust: 2.43

sources: NVD: CVE-2020-12009 // ZDI: ZDI-20-777 // CNVD: CNVD-2020-34371 // IVD: d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132 // IVD: 2aea7bb9-a918-4ccf-a751-b9794df3809b

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132 // IVD: 2aea7bb9-a918-4ccf-a751-b9794df3809b // CNVD: CNVD-2020-34371

AFFECTED PRODUCTS

vendor:	mitsubishi	model:	electric mc works64 <=4.02c	scope:	eq	version:	(10.95.208.31)	Trust: 1.0
vendor:	iconics	model:	energy analytix	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	mc works	scope:	lte	version:	10.95.208.31	Trust: 1.0
vendor:	iconics	model:	mobilehmi	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	bizviz	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	facility analytix	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	mc works32	scope:	eq	version:	9.50.255.02	Trust: 1.0
vendor:	iconics	model:	genesis64	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	genesis32	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	quality analytix	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	hyper historian	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	smart energy analytix	scope:	eq	version:	-	Trust: 1.0
vendor:	iconics	model:	genesis64	scope:	-	version:	-	Trust: 0.7
vendor:	mitsubishi	model:	electric mc works32 3.00a	scope:	eq	version:	(9.50.255.02)	Trust: 0.6
vendor:	mitsubishi	model:	electric mc works32 3.00a	scope:	eq	version:	(9.50.255.02)*	Trust: 0.4

sources: IVD: d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132 // IVD: 2aea7bb9-a918-4ccf-a751-b9794df3809b // ZDI: ZDI-20-777 // CNVD: CNVD-2020-34371 // NVD: CVE-2020-12009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12009
value:	HIGH
Trust: 1.0
ZDI:	CVE-2020-12009
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-34371
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1208
value:	HIGH
Trust: 0.6
IVD:	d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132
value:	HIGH
Trust: 0.2
IVD:	2aea7bb9-a918-4ccf-a751-b9794df3809b
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2020-12009
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-34371
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	2aea7bb9-a918-4ccf-a751-b9794df3809b
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2020-12009
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ZDI:	CVE-2020-12009
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132 // IVD: 2aea7bb9-a918-4ccf-a751-b9794df3809b // ZDI: ZDI-20-777 // CNVD: CNVD-2020-34371 // CNNVD: CNNVD-202006-1208 // NVD: CVE-2020-12009

PROBLEMTYPE DATA

problemtype:

CWE-502

Trust: 1.0

sources: NVD: CVE-2020-12009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1208

TYPE

Code problem

Trust: 1.0

sources: IVD: d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132 // IVD: 2aea7bb9-a918-4ccf-a751-b9794df3809b // CNNVD: CNNVD-202006-1208

PATCH

title:	ICONICS has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-170-03	Trust: 0.7
title:	Patch for Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)	url:	https://www.cnvd.org.cn/patchInfo/show/222935	Trust: 0.6

sources: ZDI: ZDI-20-777 // CNVD: CNVD-2020-34371

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12009	Trust: 3.3
db:	ICS CERT	id:	ICSA-20-170-02	Trust: 2.2
db:	ICS CERT	id:	ICSA-20-170-03	Trust: 1.6
db:	ZDI	id:	ZDI-20-777	Trust: 1.3
db:	CNVD	id:	CNVD-2020-34371	Trust: 1.0
db:	CNNVD	id:	CNNVD-202006-1208	Trust: 1.0
db:	ZDI_CAN	id:	ZDI-CAN-10272	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2147	Trust: 0.6
db:	IVD	id:	D97CB3A1-CB5E-4BB3-B9B8-62A73DD1F132	Trust: 0.2
db:	IVD	id:	2AEA7BB9-A918-4CCF-A751-B9794DF3809B	Trust: 0.2

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02	Trust: 1.6
url:	https://www.us-cert.gov/ics/advisories/icsa-20-170-02	Trust: 1.2
url:	https://www.us-cert.gov/ics/advisories/icsa-20-170-03	Trust: 0.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-777/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12009	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2147/	Trust: 0.6

sources: ZDI: ZDI-20-777 // CNVD: CNVD-2020-34371 // CNNVD: CNNVD-202006-1208 // NVD: CVE-2020-12009

CREDITS

Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)

Trust: 0.7

sources: ZDI: ZDI-20-777

SOURCES

db:	IVD	id:	d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132
db:	IVD	id:	2aea7bb9-a918-4ccf-a751-b9794df3809b
db:	ZDI	id:	ZDI-20-777
db:	CNVD	id:	CNVD-2020-34371
db:	CNNVD	id:	CNNVD-202006-1208
db:	NVD	id:	CVE-2020-12009

LAST UPDATE DATE

2024-11-23T22:11:26.751000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-777	date:	2020-06-30T00:00:00
db:	CNVD	id:	CNVD-2020-34371	date:	2020-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202006-1208	date:	2020-07-30T00:00:00
db:	NVD	id:	CVE-2020-12009	date:	2024-11-21T04:59:06.433

SOURCES RELEASE DATE

db:	IVD	id:	d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132	date:	2020-06-18T00:00:00
db:	IVD	id:	2aea7bb9-a918-4ccf-a751-b9794df3809b	date:	2020-06-18T00:00:00
db:	ZDI	id:	ZDI-20-777	date:	2020-06-30T00:00:00
db:	CNVD	id:	CNVD-2020-34371	date:	2020-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202006-1208	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-12009	date:	2020-07-16T20:15:11.057