ID

VAR-202007-1433


CVE

CVE-2020-12013


TITLE

ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-779

DESCRIPTION

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process. There is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 version 3.00A (9.50.255.02); remote attackers can use a specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak or tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Trust: 2.43

sources: NVD: CVE-2020-12013 // ZDI: ZDI-20-779 // CNVD: CNVD-2020-34370 // IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af // IVD: e2b262e1-e8a9-471a-a771-486f23cd118b

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 1.0

sources: IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af // IVD: e2b262e1-e8a9-471a-a771-486f23cd118b // CNVD: CNVD-2020-34370

AFFECTED PRODUCTS

vendor: mitsubishi // model: electric mc works64 <=4.02c // scope: eq // version: (10.95.208.31)

Trust: 1.0

vendor: iconics // model: energy analytix // scope: eq // version: -

Trust: 1.0

vendor: mitsubishielectric // model: mc works64 // scope: lte // version: 10.95.208.31

Trust: 1.0

vendor: iconics // model: mobilehmi // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: bizviz // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: facility analytix // scope: eq // version: -

Trust: 1.0

vendor: mitsubishielectric // model: mc works32 // scope: eq // version: 9.50.255.02

Trust: 1.0

vendor: iconics // model: genesis64 // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: genesis32 // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: quality analytix // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: hyper historian // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: smart energy analytix // scope: eq // version: -

Trust: 1.0

vendor: iconics // model: genesis64 // scope: - // version: -

Trust: 0.7

vendor: mitsubishi // model: electric mc works32 3.00a // scope: eq // version: (9.50.255.02)

Trust: 0.6

vendor: mitsubishi // model: electric mc works32 3.00a // scope: eq // version: (9.50.255.02)*

Trust: 0.4

sources: IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af // IVD: e2b262e1-e8a9-471a-a771-486f23cd118b // ZDI: ZDI-20-779 // CNVD: CNVD-2020-34370 // NVD: CVE-2020-12013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12013
value: CRITICAL

Trust: 1.0

ZDI: CVE-2020-12013
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-34370
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1207
value: CRITICAL

Trust: 0.6

IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af
value: HIGH

Trust: 0.2

IVD: e2b262e1-e8a9-471a-a771-486f23cd118b
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2020-12013
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-34370
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e2b262e1-e8a9-471a-a771-486f23cd118b
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-12013
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

ZDI: CVE-2020-12013
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af // IVD: e2b262e1-e8a9-471a-a771-486f23cd118b // ZDI: ZDI-20-779 // CNVD: CNVD-2020-34370 // CNNVD: CNNVD-202006-1207 // NVD: CVE-2020-12013

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:CWE-94

Trust: 1.0

sources: NVD: CVE-2020-12013

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1207

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1207

PATCH

title: ICONICS has issued an update to correct this vulnerability. // url: https://www.us-cert.gov/ics/advisories/icsa-20-170-03

Trust: 0.7

title: Patch for Mitsubishi Electric MC Works64 and MC Works32 code injection vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/222939

Trust: 0.6

sources: ZDI: ZDI-20-779 // CNVD: CNVD-2020-34370

EXTERNAL IDS

db: NVD // id: CVE-2020-12013

Trust: 3.3

db: ICS CERT // id: ICSA-20-170-02

Trust: 2.2

db: ICS CERT // id: ICSA-20-170-03

Trust: 1.6

db: ZDI // id: ZDI-20-779

Trust: 1.3

db: CNVD // id: CNVD-2020-34370

Trust: 1.0

db: CNNVD // id: CNNVD-202006-1207

Trust: 1.0

db: ZDI_CAN // id: ZDI-CAN-10288

Trust: 0.7

db: AUSCERT // id: ESB-2020.2147

Trust: 0.6

db: IVD // id: 619034F0-2A16-43EB-8D34-F889BD91A2AF

Trust: 0.2

db: IVD // id: E2B262E1-E8A9-471A-A771-486F23CD118B

Trust: 0.2

sources: IVD: 619034f0-2a16-43eb-8d34-f889bd91a2af // IVD: e2b262e1-e8a9-471a-a771-486f23cd118b // ZDI: ZDI-20-779 // CNVD: CNVD-2020-34370 // CNNVD: CNNVD-202006-1207 // NVD: CVE-2020-12013

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-170-02

Trust: 1.2

url:https://www.us-cert.gov/ics/advisories/icsa-20-170-03

Trust: 0.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-779/

Trust: 0.6

url:https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2147/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-12013

Trust: 0.6

sources: ZDI: ZDI-20-779 // CNVD: CNVD-2020-34370 // CNNVD: CNNVD-202006-1207 // NVD: CVE-2020-12013

CREDITS

Ben McBride

Trust: 0.7

sources: ZDI: ZDI-20-779

SOURCES

db: IVD // id: 619034f0-2a16-43eb-8d34-f889bd91a2af
db: IVD // id: e2b262e1-e8a9-471a-a771-486f23cd118b
db: ZDI // id: ZDI-20-779
db: CNVD // id: CNVD-2020-34370
db: CNNVD // id: CNNVD-202006-1207
db: NVD // id: CVE-2020-12013

LAST UPDATE DATE

2024-11-23T22:11:26.821000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-20-779 // date: 2020-06-30T00:00:00
db: CNVD // id: CNVD-2020-34370 // date: 2020-06-23T00:00:00
db: CNNVD // id: CNNVD-202006-1207 // date: 2021-11-08T00:00:00
db: NVD // id: CVE-2020-12013 // date: 2024-11-21T04:59:06.937

SOURCES RELEASE DATE

db: IVD // id: 619034f0-2a16-43eb-8d34-f889bd91a2af // date: 2020-06-18T00:00:00
db: IVD // id: e2b262e1-e8a9-471a-a771-486f23cd118b // date: 2020-06-18T00:00:00
db: ZDI // id: ZDI-20-779 // date: 2020-06-30T00:00:00
db: CNVD // id: CNVD-2020-34370 // date: 2020-06-23T00:00:00
db: CNNVD // id: CNNVD-202006-1207 // date: 2020-06-18T00:00:00
db: NVD // id: CVE-2020-12013 // date: 2020-07-16T22:15:11.417