ID

VAR-202007-0207


CVE

CVE-2020-12011


TITLE

(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-778

DESCRIPTION

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

Mitsubishi Electric MC Works64 and MC Works32 are data acquisition and monitoring (SCADA) systems from the Japanese company Mitsubishi Electric.

Trust: 2.43

sources: NVD: CVE-2020-12011 // ZDI: ZDI-20-778 // CNVD: CNVD-2020-34373 // IVD: 2e91579b-642f-4242-83f1-d1d890cc5345 // IVD: 213f4b05-e0a3-4f65-b456-b752579d9402

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 2e91579b-642f-4242-83f1-d1d890cc5345 // IVD: 213f4b05-e0a3-4f65-b456-b752579d9402 // CNVD: CNVD-2020-34373

AFFECTED PRODUCTS

vendor: mitsubishi, model: electric mc works64 <=4.02c, scope: eq, version: (10.95.208.31)

Trust: 1.0

vendor: iconics, model: energy analytix, scope: eq, version: -

Trust: 1.0

vendor: mitsubishielectric, model: mc works, scope: lte, version: 10.95.208.31

Trust: 1.0

vendor: iconics, model: mobilehmi, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: bizviz, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: facility analytix, scope: eq, version: -

Trust: 1.0

vendor: mitsubishielectric, model: mc works32, scope: eq, version: 9.50.255.02

Trust: 1.0

vendor: iconics, model: genesis64, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: genesis32, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: quality analytix, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: hyper historian, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: smart energy analytix, scope: eq, version: -

Trust: 1.0

vendor: iconics, model: genesis64, scope: -, version: -

Trust: 0.7

vendor: mitsubishi, model: electric mc works32 3.00a, scope: eq, version: (9.50.255.02)

Trust: 0.6

vendor: mitsubishi, model: electric mc works32 3.00a, scope: eq, version: (9.50.255.02)*

Trust: 0.4

sources: IVD: 2e91579b-642f-4242-83f1-d1d890cc5345 // IVD: 213f4b05-e0a3-4f65-b456-b752579d9402 // ZDI: ZDI-20-778 // CNVD: CNVD-2020-34373 // NVD: CVE-2020-12011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12011
value: CRITICAL

Trust: 1.0

ZDI: CVE-2020-12011
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-34373
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1210
value: CRITICAL

Trust: 0.6

IVD: 2e91579b-642f-4242-83f1-d1d890cc5345
value: HIGH

Trust: 0.2

IVD: 213f4b05-e0a3-4f65-b456-b752579d9402
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2020-12011
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-34373
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2e91579b-642f-4242-83f1-d1d890cc5345
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 213f4b05-e0a3-4f65-b456-b752579d9402
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-12011
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-12011
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 2e91579b-642f-4242-83f1-d1d890cc5345 // IVD: 213f4b05-e0a3-4f65-b456-b752579d9402 // ZDI: ZDI-20-778 // CNVD: CNVD-2020-34373 // CNNVD: CNNVD-202006-1210 // NVD: CVE-2020-12011

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2020-12011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1210

TYPE

Buffer error

Trust: 1.0

sources: IVD: 2e91579b-642f-4242-83f1-d1d890cc5345 // IVD: 213f4b05-e0a3-4f65-b456-b752579d9402 // CNNVD: CNNVD-202006-1210

PATCH

title: ICONICS has issued an update to correct this vulnerability.
url: https://www.us-cert.gov/ics/advisories/icsa-20-170-03

Trust: 0.7

title: Patch for Mitsubishi Electric MC Works64 and MC Works32 buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/222929

Trust: 0.6

sources: ZDI: ZDI-20-778 // CNVD: CNVD-2020-34373

EXTERNAL IDS

db: NVD, id: CVE-2020-12011

Trust: 3.3

db: ICS CERT, id: ICSA-20-170-02

Trust: 2.2

db: ICS CERT, id: ICSA-20-170-03

Trust: 1.6

db: ZDI, id: ZDI-20-778

Trust: 1.3

db: CNVD, id: CNVD-2020-34373

Trust: 1.0

db: CNNVD, id: CNNVD-202006-1210

Trust: 1.0

db: ZDI_CAN, id: ZDI-CAN-10274

Trust: 0.7

db: AUSCERT, id: ESB-2020.2147

Trust: 0.6

db: IVD, id: 2E91579B-642F-4242-83F1-D1D890CC5345

Trust: 0.2

db: IVD, id: 213F4B05-E0A3-4F65-B456-B752579D9402

Trust: 0.2

sources: IVD: 2e91579b-642f-4242-83f1-d1d890cc5345 // IVD: 213f4b05-e0a3-4f65-b456-b752579d9402 // ZDI: ZDI-20-778 // CNVD: CNVD-2020-34373 // CNNVD: CNNVD-202006-1210 // NVD: CVE-2020-12011

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-170-02

Trust: 1.2

url:https://www.us-cert.gov/ics/advisories/icsa-20-170-03

Trust: 0.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-778/

Trust: 0.6

url:https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2147/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-12011

Trust: 0.6

sources: ZDI: ZDI-20-778 // CNVD: CNVD-2020-34373 // CNNVD: CNNVD-202006-1210 // NVD: CVE-2020-12011

CREDITS

Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi

Trust: 0.7

sources: ZDI: ZDI-20-778

SOURCES

db: IVD, id: 2e91579b-642f-4242-83f1-d1d890cc5345
db: IVD, id: 213f4b05-e0a3-4f65-b456-b752579d9402
db: ZDI, id: ZDI-20-778
db: CNVD, id: CNVD-2020-34373
db: CNNVD, id: CNNVD-202006-1210
db: NVD, id: CVE-2020-12011

LAST UPDATE DATE

2024-11-23T22:11:26.786000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-778, date: 2020-06-30T00:00:00
db: CNVD, id: CNVD-2020-34373, date: 2020-06-23T00:00:00
db: CNNVD, id: CNNVD-202006-1210, date: 2020-07-30T00:00:00
db: NVD, id: CVE-2020-12011, date: 2024-11-21T04:59:06.677

SOURCES RELEASE DATE

db: IVD, id: 2e91579b-642f-4242-83f1-d1d890cc5345, date: 2020-06-18T00:00:00
db: IVD, id: 213f4b05-e0a3-4f65-b456-b752579d9402, date: 2020-06-18T00:00:00
db: ZDI, id: ZDI-20-778, date: 2020-06-30T00:00:00
db: CNVD, id: CNVD-2020-34373, date: 2020-06-23T00:00:00
db: CNNVD, id: CNNVD-202006-1210, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-12011, date: 2020-07-16T19:15:11.830