CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
36.9%
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file including malicious XML codes.
Vendor | Product | Version | CPE |
---|---|---|---|
iconics | genesis64 | 10.97 | cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:* |
iconics | genesis64 | 10.97.1 | cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:* |
mitsubishielectric | mc_works64 | * | cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
[
{
"product": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ICONICS GENESIS64 versions 10.97.1 and prior"
},
{
"status": "affected",
"version": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
}
]
}
]
More