CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-12009 – ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12009
30 Jun 2020 — A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. Un paquete de comunicación especialmente diseñado enviado al dispositivo afect... • https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 10%CPEs: 11EXPL: 0CVE-2020-12011 – ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12011
30 Jun 2020 — A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. Un paquete de comunicación especialmente diseñado enviado a los sistemas afectados podría cau... • https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-12013 – ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12013
30 Jun 2020 — A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. Un cliente WCF especialmente diseñado que interactúa con el puede permitir la ejecución de determinados com... • https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-12015 – ICONICS Genesis64 IcoFwxServer Deserialization Of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12015
30 Jun 2020 — A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Un paquete de comunicación especialmente diseñado enviado a los ... • https://www.us-cert.gov/ics/advisories/icsa-20-170-02 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2289
https://notcve.org/view.php?id=CVE-2016-2289
01 Apr 2016 — Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. Vulnerabilidad de salto de directorio en ICONICS WebHMI 9 y versiones anteriores permite a atacantes remotos leer archivos de configuración, y consecuentemente descubrir hashes de contraseña, a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-091-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0758
https://notcve.org/view.php?id=CVE-2014-0758
24 Feb 2014 — An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. Un control de ActiveX en GenLaunch.htm en ICONICS GENESIS32 8.0, 8.02, 8.04 y 8.05 permite a atacantes remotos ejecutar programas arbitrarios a través de un documento HTML manipulado. • http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2012-3018
https://notcve.org/view.php?id=CVE-2012-3018
31 Jul 2012 — The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. La característica lockout-recovery en el componente Security Configurator en ICONICS GENESIS32 v9.22 y anteriores y BizViz v9.22 y anteior usa un algoritmo de cifrad... • http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2011-5088
https://notcve.org/view.php?id=CVE-2011-5088
18 Apr 2012 — The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability." El control ActiveX GENESIS32 IcoSetServer en ICONICS GENESIS32 v9.21 y BizViz v9.21 configura la zona de confianza sobre la base de datos del usuario, lo que permite a atacantes remotos ejecutar código arbitrar... • http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf •
CVSS: 10.0EPSS: 3%CPEs: 8EXPL: 0CVE-2011-5089
https://notcve.org/view.php?id=CVE-2011-5089
18 Apr 2012 — Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Desbordamiento de búfer en los controles ActiveX Security Login en ICONICS GENESIS32 v8.05, v9.0, v9.1, y v9.2 y BizViz v8,05, v9,0, v9,1 y v9,2, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente e... • http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 70%CPEs: 14EXPL: 6CVE-2011-2089 – ICONICS WebHMI - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-2089
13 May 2011 — Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en el método SetActiveXGUID en el control VersionInfo ActiveX en GenVersion.dll v8.0.138.0 en el subsistema WebHMI en... • https://www.exploit-db.com/exploits/17269 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •