CVE-2020-14521
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric | C Controller Interface Module Utility | unspecified <= Version 2.00 | affected |
| Mitsubishi Electric | CC-Link IE Control Network Data Collector | Version 1.00A | affected |
| Mitsubishi Electric | CC-Link IE Field Network Data Collector | Version 1.00A | affected |
| Mitsubishi Electric | CC-Link IE TSN Data Collector | Version 1.00A | affected |
| Mitsubishi Electric | CPU Module Logging Configuration Tool | unspecified <= Version 1.100E | affected |
| Mitsubishi Electric | CW Configurator | unspecified <= Version 1.010L | affected |
| Mitsubishi Electric | Data Transfer | unspecified <= Version 3.42U | affected |
| Mitsubishi Electric | EZSocket | unspecified <= Version 5.1 | affected |
| Mitsubishi Electric | FR Configurator SW3 | All Versions | affected |
| Mitsubishi Electric | FR Configurator2 | unspecified <= Version 1.26C | affected |
| Mitsubishi Electric | GT Designer2 Classic | All Versions | affected |
| Mitsubishi Electric | GT Designer3 Version1 (GOT1000) | unspecified <= Version 1.241B | affected |
| Mitsubishi Electric | GT Designer3 Version1 (GOT2000) | unspecified <= Version 1.241B | affected |
| Mitsubishi Electric | GT SoftGOT1000 Version3 | unspecified <= Version 3.200J | affected |
| Mitsubishi Electric | GT SoftGOT2000 Version1 | unspecified <= Version 1.241B | affected |
| Mitsubishi Electric | GX Developer | unspecified <= Version 8.504A | affected |
| Mitsubishi Electric | GX LogViewer | unspecified <= Version 1.100E | affected |
| Mitsubishi Electric | GX Works2 | unspecified <= Version 1.601B | affected |
| Mitsubishi Electric | GX Works3 | unspecified <= Version 1.063R | affected |
| Mitsubishi Electric | M_CommDTM-IO-Link | unspecified <= Version 1.03D | affected |
| Mitsubishi Electric | MELFA-Works | unspecified <= Version 4.4 | affected |
| Mitsubishi Electric | MELSEC WinCPU Setting Utility | All Versions | affected |
| Mitsubishi Electric | MELSOFT Complete Clean Up Tool | unspecified <= Version 1.06G | affected |
| Mitsubishi Electric | MELSOFT EM Software Development Kit | unspecified <= Version 1.015R | affected |
| Mitsubishi Electric | MELSOFT iQ AppPortal | unspecified <= Version 1.17T | affected |
| Mitsubishi Electric | MELSOFT Navigator | unspecified <= Version 2.74C | affected |
| Mitsubishi Electric | MI Configurator | unspecified <= Version 1.004E | affected |
| Mitsubishi Electric | Motion Control Setting | unspecified <= Version 1.005F | affected |
| Mitsubishi Electric | Motorizer | unspecified <= Version 1.005F | affected |
| Mitsubishi Electric | MR Configurator2 | unspecified <= Version 1.125F | affected |
| Mitsubishi Electric | MT Works2 | unspecified <= Version 1.167Z | affected |
| Mitsubishi Electric | MTConnect Data Collector | unspecified <= Version 1.1.4.0 | affected |
| Mitsubishi Electric | MX Component | unspecified <= Version 4.20W | affected |
| Mitsubishi Electric | MX MESInterface | unspecified <= Version 1.21X | affected |
| Mitsubishi Electric | MX MESInterface-R | unspecified <= Version 1.12N | affected |
| Mitsubishi Electric | MX Sheet | unspecified <= Version 2.15R | affected |
| Mitsubishi Electric | Network Interface Board CC IE Control Utility | unspecified <= Version 1.29F | affected |
| Mitsubishi Electric | Network Interface Board CC IE Field Utility | unspecified <= Versions 1.16S | affected |
| Mitsubishi Electric | Network Interface Board CC-Link Ver.2 Utility | unspecified <= Version 1.23Z | affected |
| Mitsubishi Electric | Network Interface Board MNETH Utility | unspecified <= Version 34L | affected |
| Mitsubishi Electric | Position Board utility 2 | unspecified <= Version 3.20 | affected |
| Mitsubishi Electric | PX Developer | unspecified <= Version 1.53F | affected |
| Mitsubishi Electric | RT ToolBox2 | unspecified <= Version 3.73B | affected |
| Mitsubishi Electric | RT ToolBox3 | unspecified <= Version 1.82L | affected |
| Mitsubishi Electric | Setting/Monitoring tools for the C Controller module | unspecified <= SW3PVC-CCPU Version 3.13P | affected |
| Mitsubishi Electric | Setting/Monitoring tools for the C Controller module | unspecified <= SW4PVC-CCPU Version 4.12N | affected |
| Mitsubishi Electric | SLMP Data Collector | unspecified <= Version 1.04E | affected |
Weaknesses
- CWE-428: CWE-428 Unquoted Search Path or Element
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.