CVE-2020-14496

Summary

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricCPU Module Logging Configuration ToolAll <= 1.100Eaffected
Mitsubishi ElectricCW ConfiguratorAll <= 1.010Laffected
Mitsubishi ElectricData TransferAll <= 3.40Saffected
Mitsubishi ElectricEZSocketAll <= 4.5affected
Mitsubishi ElectricFR Configurator2All <= 1.22Yaffected
Mitsubishi ElectricGT Designer3 Version1 (GOT2000)All <= 1.235Vaffected
Mitsubishi ElectricGT SoftGOT1000 Version3All <= 3.200Jaffected
Mitsubishi ElectricGT SoftGOT1000 Version3Allaffected
Mitsubishi ElectricGT SoftGOT2000 Version1All <= 1.235Vaffected
Mitsubishi ElectricGX LogViewerAll <= 1.100Eaffected
Mitsubishi ElectricGX Works2All <= 1.592Saffected
Mitsubishi ElectricGX Works3All <= 1.063Raffected
Mitsubishi ElectricM_CommDTM-HARTAll 1.00Aaffected
Mitsubishi ElectricM_CommDTM-IO-LinkAllaffected
Mitsubishi ElectricMELFA-WorksAll <= 4.3affected
Mitsubishi ElectricMELSEC WinCPU Setting UtilityAllaffected
Mitsubishi ElectricMELSOFT EM Software Development Kit (EM Configurator)All <= 1.010Laffected
Mitsubishi ElectricMELSOFT FieldDeviceConfiguratorAll <= 1.03Daffected
Mitsubishi ElectricMELSOFT NavigatorAll <= 2.62Qaffected
Mitsubishi ElectricMH11 SettingTool Version2All <= 2.002Caffected
Mitsubishi ElectricMI ConfiguratorAllaffected
Mitsubishi ElectricMotorizerAll <= 1.005Faffected
Mitsubishi ElectricMR Configurator2All <= 1.105Kaffected
Mitsubishi ElectricMT Works2All <= 1.156Naffected
Mitsubishi ElectricMX ComponentAll <= 4.19Vaffected
Mitsubishi ElectricNetwork Interface Board CC IE Control utilityAllaffected
Mitsubishi ElectricNetwork Interface Board CC IE Field UtilityAllaffected
Mitsubishi ElectricNetwork Interface Board CC-Link Ver.2 UtilityAllaffected
Mitsubishi ElectricNetwork Interface Board MNETH utilityAllaffected
Mitsubishi ElectricPX DeveloperAll <= 1.52Eaffected
Mitsubishi ElectricRT ToolBox2All <= 3.72Aaffected
Mitsubishi ElectricRT ToolBox3All <= 1.70Yaffected
Mitsubishi ElectricSetting/monitoring tools for the C Controller moduleAllaffected

Weaknesses

  • CWE-275: CWE-275 Permission Issues

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References