CVE-2020-14496
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric | CPU Module Logging Configuration Tool | All <= 1.100E | affected |
| Mitsubishi Electric | CW Configurator | All <= 1.010L | affected |
| Mitsubishi Electric | Data Transfer | All <= 3.40S | affected |
| Mitsubishi Electric | EZSocket | All <= 4.5 | affected |
| Mitsubishi Electric | FR Configurator2 | All <= 1.22Y | affected |
| Mitsubishi Electric | GT Designer3 Version1 (GOT2000) | All <= 1.235V | affected |
| Mitsubishi Electric | GT SoftGOT1000 Version3 | All <= 3.200J | affected |
| Mitsubishi Electric | GT SoftGOT1000 Version3 | All | affected |
| Mitsubishi Electric | GT SoftGOT2000 Version1 | All <= 1.235V | affected |
| Mitsubishi Electric | GX LogViewer | All <= 1.100E | affected |
| Mitsubishi Electric | GX Works2 | All <= 1.592S | affected |
| Mitsubishi Electric | GX Works3 | All <= 1.063R | affected |
| Mitsubishi Electric | M_CommDTM-HART | All 1.00A | affected |
| Mitsubishi Electric | M_CommDTM-IO-Link | All | affected |
| Mitsubishi Electric | MELFA-Works | All <= 4.3 | affected |
| Mitsubishi Electric | MELSEC WinCPU Setting Utility | All | affected |
| Mitsubishi Electric | MELSOFT EM Software Development Kit (EM Configurator) | All <= 1.010L | affected |
| Mitsubishi Electric | MELSOFT FieldDeviceConfigurator | All <= 1.03D | affected |
| Mitsubishi Electric | MELSOFT Navigator | All <= 2.62Q | affected |
| Mitsubishi Electric | MH11 SettingTool Version2 | All <= 2.002C | affected |
| Mitsubishi Electric | MI Configurator | All | affected |
| Mitsubishi Electric | Motorizer | All <= 1.005F | affected |
| Mitsubishi Electric | MR Configurator2 | All <= 1.105K | affected |
| Mitsubishi Electric | MT Works2 | All <= 1.156N | affected |
| Mitsubishi Electric | MX Component | All <= 4.19V | affected |
| Mitsubishi Electric | Network Interface Board CC IE Control utility | All | affected |
| Mitsubishi Electric | Network Interface Board CC IE Field Utility | All | affected |
| Mitsubishi Electric | Network Interface Board CC-Link Ver.2 Utility | All | affected |
| Mitsubishi Electric | Network Interface Board MNETH utility | All | affected |
| Mitsubishi Electric | PX Developer | All <= 1.52E | affected |
| Mitsubishi Electric | RT ToolBox2 | All <= 3.72A | affected |
| Mitsubishi Electric | RT ToolBox3 | All <= 1.70Y | affected |
| Mitsubishi Electric | Setting/monitoring tools for the C Controller module | All | affected |
Weaknesses
- CWE-275: CWE-275 Permission Issues
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.