CVE-2020-12011
Description
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write vulnerability in Mitsubishi Electric MC Works64/32 and ICONICS GENESIS64/32 allows remote code execution or denial of service via crafted packets.
Vulnerability
An out-of-bounds write vulnerability (CWE-787) exists in the GenBroker64 and GenBroker32 components of Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, MC Works32 version 3.00A (9.50.255.02), and ICONICS GENESIS64 (GenBroker64, Platform Services, Workbench, FrameWorX Server) version 10.96 and prior, as well as GENESIS32 (GenBroker32) version 9.5 and prior [1][2]. A specially crafted communication packet sent to the affected GenBroker services triggers the out-of-bounds write.
Exploitation
An unauthenticated attacker can exploit this vulnerability remotely over the network without user interaction. The attack complexity is high (CVSSv3 AC:H), meaning the attacker must craft a precise malicious packet to trigger the write. The packet is sent to the listening GenBroker64 or GenBroker32 service on the affected system [1][2].
Impact
Successful exploitation can lead to a denial-of-service condition or remote code execution. The CVSSv3 base score is 8.1 with vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability [1][2].
Mitigation
Mitsubishi Electric recommends updating MC Works64 and MC Works32 to the latest versions [1]. ICONICS recommends updating GENESIS64 and GENESIS32 to the latest versions [2]. Users should also apply network segmentation and restrict access to affected services as a defense-in-depth measure. No workaround is provided other than updating.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mitsubishi Electric/MC Works64
- Range: <=10.96
- Range: <=10.96
- Range: <=10.96
- Range: <=10.96
- Range: <=4.02C (10.95.208.31)
Patches
No patches discovered yet.
References
- us-cert.cisa.gov/ics/advisories/icsa-20-170-02
- us-cert.cisa.gov/ics/advisories/icsa-20-170-03