CVE-2020-14523
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric | CW Configurator | unspecified <= Version 1.010L | affected |
| Mitsubishi Electric | FR Configurator2 | unspecified <= Version 1.22Y | affected |
| Mitsubishi Electric | GX Works2 | unspecified <= Version 1.595V | affected |
| Mitsubishi Electric | GX Works3 | unspecified <= Version 1.063R | affected |
| Mitsubishi Electric | MELSOFT iQ AppPortal | unspecified <= Version 1.17T | affected |
| Mitsubishi Electric | MELSOFT Navigator | unspecified <= Version2.70Y | affected |
| Mitsubishi Electric | MI Configurator | All Versions | affected |
| Mitsubishi Electric | MR Configurator2 | unspecified <= Version 1.110Q | affected |
| Mitsubishi Electric | MT Works2 | unspecified <= Versions 1.156N | affected |
| Mitsubishi Electric | MX Component | unspecified <= Version 4.20W | affected |
| Mitsubishi Electric | RT ToolBox3 | unspecified <= Versions 1.70Y | affected |
| Mitsubishi Electric | MELSEC iQ-R Series Motion Module | unspecified <= Versions 10 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf
- https://jvn.jp/vu/JVNVU90224831/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf
- https://jvn.jp/vu/JVNVU90224831/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.