CVE-2020-12013 Information
Feb 14, 2021
cve
Description
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64 Platform Services Workbench FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Reference
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
NONE
Base Severity
9.1
Share on: