CVE-2020-14523

Summary

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricCW Configuratorunspecified <= Version 1.010Laffected
Mitsubishi ElectricFR Configurator2unspecified <= Version 1.22Yaffected
Mitsubishi ElectricGX Works2unspecified <= Version 1.595Vaffected
Mitsubishi ElectricGX Works3unspecified <= Version 1.063Raffected
Mitsubishi ElectricMELSOFT iQ AppPortalunspecified <= Version 1.17Taffected
Mitsubishi ElectricMELSOFT Navigatorunspecified <= Version2.70Yaffected
Mitsubishi ElectricMI ConfiguratorAll Versionsaffected
Mitsubishi ElectricMR Configurator2unspecified <= Version 1.110Qaffected
Mitsubishi ElectricMT Works2unspecified <= Versions 1.156Naffected
Mitsubishi ElectricMX Componentunspecified <= Version 4.20Waffected
Mitsubishi ElectricRT ToolBox3unspecified <= Versions 1.70Yaffected
Mitsubishi ElectricMELSEC iQ-R Series Motion Moduleunspecified <= Versions 10affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References