CVE-2020-14521

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04	Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility::::::::
	cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool::::::::
	cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:::::::*
	cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:::::::*
	cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:::::::*
	cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::
	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
	cpe:2.3:a:mitsubishielectric:data_transfer::::::::
	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:gt_designer2_classic::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::
	cpe:2.3:a:mitsubishielectric:gx_developer::::::::
	cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:m_commdtm-io-link::::::::
	cpe:2.3:a:mitsubishielectric:melfa-works::::::::
	cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_complete_clean_up_tool::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_navigator::::::::
	cpe:2.3:a:mitsubishielectric:mi_configurator::::::::
	cpe:2.3:a:mitsubishielectric:motion_control_setting::::::::
	cpe:2.3:a:mitsubishielectric:motorizer::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:mt_works2::::::::
	cpe:2.3:a:mitsubishielectric:mtconnect_data_collector::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::
	cpe:2.3:a:mitsubishielectric:mx_mesinterface::::::::
	cpe:2.3:a:mitsubishielectric:mx_mesinterface-r::::::::
	cpe:2.3:a:mitsubishielectric:mx_sheet::::::::
	cpe:2.3:a:mitsubishielectric:position_board_utility_2::::::::
	cpe:2.3:a:mitsubishielectric:px_developer::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox2::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::
	cpe:2.3:a:mitsubishielectric:setting\/monitoring_tools_for_the_c_controller_module::::::::
	cpe:2.3:a:mitsubishielectric:slmp_data_collector::::::::

Configuration 2 (hide)

AND

cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mitsubishielectric:got1000_series_gt10:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt11:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt12:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt14:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt15:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt16:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt21:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt23:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt25:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt27:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_cc-link_ver.2_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_control_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_field_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_mneth_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_mneth_utility:-:*:*:*:*:*:*:*

History

17 Sep 2024, 00:15

Type	Values Removed	Values Added
Summary	(en) Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.	(en) Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

07 Nov 2023, 03:17

Type	Values Removed	Values Added
Summary	Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.	Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Information

Published : 2022-02-11 18:15

Updated : 2024-09-17 00:15

NVD link : CVE-2020-14521

Mitre link : CVE-2020-14521

CVE.ORG link : CVE-2020-14521

JSON object : View

Products Affected

mitsubishielectric

gt_designer3
got1000_series_gt21
mtconnect_data_collector
mx_mesinterface
mx_component
got1000_series_gt11
setting\/monitoring_tools_for_the_c_controller_module
mt_works2
got1000_series_gt15
network_interface_board_mneth_utility_firmware
network_interface_board_cc_ie_field_utility_firmware
gt_softgot1000
melsec_wincpu_setting_utility
motion_control_setting
gx_works3
gt_softgot2000
mi_configurator
rt_toolbox3
melsoft_em_software_development_kit
got1000_series_gt16
network_interface_board_cc_ie_control_utility
c_controller_interface_module_utility
got1000_series_gt25
cc-link_ie_tsn_data_collector
melsoft_navigator
mx_sheet
cc-link_ie_field_network_data_collector
melsoft_complete_clean_up_tool
cw_configurator
cc-link_ie_control_network_data_collector
c_controller_module_setting_and_monitoring_tool
ezsocket
gx_developer
network_interface_board_mneth_utility
mr_configurator2
fr_configurator_sw3
data_transfer
network_interface_board_cc-link_ver.2_utility
px_developer
gt_designer2_classic
network_interface_board_cc_ie_field_utility
slmp_data_collector
got1000_series_gt14
fr_configurator2
mx_mesinterface-r
got1000_series_gt23
got1000_series_gt10
rt_toolbox2
position_board_utility_2
motorizer
network_interface_board_cc_ie_control_utility_firmware
gx_logviewer
cpu_module_logging_configuration_tool
melsoft_iq_appportal
melfa-works
got1000_series_gt12
gx_works2
m_commdtm-io-link
network_interface_board_cc-link_ver.2_utility_firmware
got1000_series_gt27

CWE

CWE-276

Incorrect Default Permissions

CWE-428

Unquoted Search Path or Element

9.8 /10