CVE-2020-12007
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code and cause denial-of-service conditions on affected industrial control systems by sending specially crafted communication packets. It affects Mitsubishi Electric MC Works and ICONICS software used in industrial automation environments. The vulnerability stems from insecure deserialization of untrusted data.
💻 Affected Systems
- Mitsubishi Electric MC Works64
- Mitsubishi Electric MC Works32
- ICONICS GenBroker64
- ICONICS Platform Services
- ICONICS Workbench
- ICONICS FrameWorX Server
- ICONICS GenBroker32
📦 What is this software?
- BizViz by ICONICS
- GENESIS32 by ICONICS
- GENESIS64 by ICONICS
- MC Works by Mitsubishi Electric
- MC Works32 by Mitsubishi Electric
- MobileHMI by ICONICS
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary code, disrupt industrial processes, manipulate control systems, and potentially cause physical damage or safety incidents.
Likely Case
Remote code execution leading to data theft, system manipulation, and denial-of-service affecting industrial operations.
If Mitigated
Limited impact if systems are properly segmented, monitored, and have network controls preventing unauthorized communication.
🎯 Exploit Status
No authentication is required, and the attack vector is network-based. CISA advisories indicate active exploitation may be possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: MC Works64: 4.02E or later; MC Works32: 3.00E or later; ICONICS: Version 10.97 or later
Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02, https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03
Restart Required: Yes
Instructions:
1. Contact Mitsubishi Electric or ICONICS for updated software versions.
2. Apply patches according to vendor instructions.
3. Restart affected systems.
4. Test in non-production environment first.
🔧 Temporary Workarounds
Network Segmentation
Isolate affected systems from untrusted networks using firewalls and network segmentation.
Communication Restrictions
Implement strict network access controls to limit communication to only trusted sources.
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to isolate affected systems
- Monitor network traffic for anomalous communication patterns and implement intrusion detection
🔍 How to Verify
Check if Vulnerable:
Check software version against affected versions list. Review system logs for unusual network communication.
Check Version:
Check software version through application interface or vendor documentation
Verify Fix Applied:
Verify software version is updated to patched versions. Test communication with affected services.
📡 Detection & Monitoring
Log Indicators:
- Unusual network connections to affected services
- Process crashes or abnormal behavior in MC Works/ICONICS services
Network Indicators:
- Malformed communication packets to ports used by affected services
- Unexpected remote connections to industrial control systems
SIEM Query:
source_ip IN (external_ips) AND dest_port IN (affected_service_ports) AND protocol=tcp AND packet_size_anomaly=true