CVE-2020-14521

Summary

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricC Controller Interface Module Utilityunspecified <= Version 2.00affected
Mitsubishi ElectricCC-Link IE Control Network Data CollectorVersion 1.00Aaffected
Mitsubishi ElectricCC-Link IE Field Network Data CollectorVersion 1.00Aaffected
Mitsubishi ElectricCC-Link IE TSN Data CollectorVersion 1.00Aaffected
Mitsubishi ElectricCPU Module Logging Configuration Toolunspecified <= Version 1.100Eaffected
Mitsubishi ElectricCW Configuratorunspecified <= Version 1.010Laffected
Mitsubishi ElectricData Transferunspecified <= Version 3.42Uaffected
Mitsubishi ElectricEZSocketunspecified <= Version 5.1affected
Mitsubishi ElectricFR Configurator SW3All Versionsaffected
Mitsubishi ElectricFR Configurator2unspecified <= Version 1.26Caffected
Mitsubishi ElectricGT Designer2 ClassicAll Versionsaffected
Mitsubishi ElectricGT Designer3 Version1 (GOT1000)unspecified <= Version 1.241Baffected
Mitsubishi ElectricGT Designer3 Version1 (GOT2000)unspecified <= Version 1.241Baffected
Mitsubishi ElectricGT SoftGOT1000 Version3unspecified <= Version 3.200Jaffected
Mitsubishi ElectricGT SoftGOT2000 Version1unspecified <= Version 1.241Baffected
Mitsubishi ElectricGX Developerunspecified <= Version 8.504Aaffected
Mitsubishi ElectricGX LogViewerunspecified <= Version 1.100Eaffected
Mitsubishi ElectricGX Works2unspecified <= Version 1.601Baffected
Mitsubishi ElectricGX Works3unspecified <= Version 1.063Raffected
Mitsubishi ElectricM_CommDTM-IO-Linkunspecified <= Version 1.03Daffected
Mitsubishi ElectricMELFA-Worksunspecified <= Version 4.4affected
Mitsubishi ElectricMELSEC WinCPU Setting UtilityAll Versionsaffected
Mitsubishi ElectricMELSOFT Complete Clean Up Toolunspecified <= Version 1.06Gaffected
Mitsubishi ElectricMELSOFT EM Software Development Kitunspecified <= Version 1.015Raffected
Mitsubishi ElectricMELSOFT iQ AppPortalunspecified <= Version 1.17Taffected
Mitsubishi ElectricMELSOFT Navigatorunspecified <= Version 2.74Caffected
Mitsubishi ElectricMI Configuratorunspecified <= Version 1.004Eaffected
Mitsubishi ElectricMotion Control Settingunspecified <= Version 1.005Faffected
Mitsubishi ElectricMotorizerunspecified <= Version 1.005Faffected
Mitsubishi ElectricMR Configurator2unspecified <= Version 1.125Faffected
Mitsubishi ElectricMT Works2unspecified <= Version 1.167Zaffected
Mitsubishi ElectricMTConnect Data Collectorunspecified <= Version 1.1.4.0affected
Mitsubishi ElectricMX Componentunspecified <= Version 4.20Waffected
Mitsubishi ElectricMX MESInterfaceunspecified <= Version 1.21Xaffected
Mitsubishi ElectricMX MESInterface-Runspecified <= Version 1.12Naffected
Mitsubishi ElectricMX Sheetunspecified <= Version 2.15Raffected
Mitsubishi ElectricNetwork Interface Board CC IE Control Utilityunspecified <= Version 1.29Faffected
Mitsubishi ElectricNetwork Interface Board CC IE Field Utilityunspecified <= Versions 1.16Saffected
Mitsubishi ElectricNetwork Interface Board CC-Link Ver.2 Utilityunspecified <= Version 1.23Zaffected
Mitsubishi ElectricNetwork Interface Board MNETH Utilityunspecified <= Version 34Laffected
Mitsubishi ElectricPosition Board utility 2unspecified <= Version 3.20affected
Mitsubishi ElectricPX Developerunspecified <= Version 1.53Faffected
Mitsubishi ElectricRT ToolBox2unspecified <= Version 3.73Baffected
Mitsubishi ElectricRT ToolBox3unspecified <= Version 1.82Laffected
Mitsubishi ElectricSetting/Monitoring tools for the C Controller moduleunspecified <= SW3PVC-CCPU Version 3.13Paffected
Mitsubishi ElectricSetting/Monitoring tools for the C Controller moduleunspecified <= SW4PVC-CCPU Version 4.12Naffected
Mitsubishi ElectricSLMP Data Collectorunspecified <= Version 1.04Eaffected

Weaknesses

  • CWE-428: CWE-428 Unquoted Search Path or Element

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References