CVE-2020-12007
Description
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A deserialization vulnerability in Mitsubishi Electric MC Works and ICONICS GENESIS products allows remote code execution or denial of service via specially crafted packets.
Vulnerability
This vulnerability is a deserialization of untrusted data (CWE-502) present in multiple products. Affected versions include Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, MC Works32 version 3.00A (9.50.255.02), ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior, and ICONICS GenBroker32 version 9.5 and prior [1]. The issue is triggered when a specially crafted communication packet is sent to the affected services.
Exploitation
An attacker can exploit this vulnerability remotely without authentication or user interaction [1]. The attacker sends a maliciously crafted packet to the target service (e.g., GenBroker64, Platform Services, Workbench, or FrameWorX Server). The packet contains serialized data that, when deserialized, leads to arbitrary code execution or a denial-of-service condition.
Impact
Successful exploitation allows an attacker to achieve remote code execution with the privileges of the affected service, or cause a denial-of-service condition [1]. This can lead to full compromise of the system, including data disclosure, modification, or disruption of operations.
Mitigation
ICONICS and Mitsubishi Electric have released updates to address this vulnerability. Users should upgrade to the latest versions as specified in the vendor advisories. For ICONICS products, version 10.97 or later is recommended [1]. For Mitsubishi Electric MC Works, contact the vendor for patched versions. If patching is not possible, restrict network access to the affected services and use firewalls to limit exposure.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6<=10.96+ 1 more
- (no CPE)range: <=10.96
- (no CPE)range: v9.5 and prior
- Range: <=4.02C
- ICONICS/GenBroker64, Platform Services, Workbench, FrameWorX Serverv5Range: v10.96 and prior
- Mitsubishi Electric/MC Works32v5Range: Version 3.00A (9.50.255.02)
- Mitsubishi Electric/MC Works64v5Range: Version 4.02C (10.95.208.31) and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2Cmitrex_refsource_CONFIRM
- us-cert.cisa.gov/ics/advisories/icsa-20-170-03mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.