Vulnerabilities > Iconics > Genesis64 > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-20 | CVE-2022-33319 | Out-of-bounds Read vulnerability in multiple products Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server. | 9.1 |
| 2022-07-20 | CVE-2022-33318 | Deserialization of Untrusted Data vulnerability in multiple products Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server. | 9.8 |
| 2022-01-21 | CVE-2022-23128 | Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. | 9.8 |
| 2020-07-16 | CVE-2020-12007 | Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. | 9.8 |
| 2020-07-16 | CVE-2020-12013 | SQL Injection vulnerability in multiple products A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. | 9.1 |
| 2020-07-16 | CVE-2020-12011 | Out-of-bounds Write vulnerability in multiple products A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. | 9.8 |