CVE-2020-12009
Description
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A deserialization vulnerability in the Workbench Pack & Go function of Mitsubishi Electric MC Works64 and ICONICS GENESIS64 can be exploited to cause denial of service.
Vulnerability
A deserialization vulnerability (CWE-502) exists in the Workbench Pack & Go function of Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, and ICONICS GENESIS64 (using GenBroker64, Platform Services, Workbench, FrameWorX Server) versions 10.96 and prior. The issue also affects MC Works32 Version 3.00A (9.50.255.02) [1][2]. A specially crafted communication packet triggers improper deserialization of untrusted data.
Exploitation
An attacker can send a maliciously crafted communication packet to the affected Workbench Pack & Go function over the network without requiring authentication or user interaction. The packet contains serialized data that, when deserialized, causes a denial-of-service condition [1][2].
Impact
Successful exploitation results in a denial-of-service condition, impacting the availability of the affected system. According to the CVSS vector, there is no impact on confidentiality or integrity [1][2].
Mitigation
At the time of the advisory publication (2020-07-16), no patches were available. Users should contact the vendor for updates and apply workarounds as recommended in the vendor advisories [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6<= 10.96+ 1 more
- (no CPE)range: <= 10.96
- (no CPE)range: v9.5 and prior
- Range: <= 4.02C (10.95.208.31)
- ICONICS/GenBroker64, Platform Services, Workbench, FrameWorX Serverv5Range: v10.96 and prior
- Mitsubishi Electric/MC Works32v5Range: Version 3.00A (9.50.255.02)
- Mitsubishi Electric/MC Works64v5Range: 4.02C (10.95.208.31) and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- us-cert.cisa.gov/ics/advisories/icsa-20-170-02mitrex_refsource_CONFIRM
- us-cert.cisa.gov/ics/advisories/icsa-20-170-03mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.