CVE-2020-14523

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:iu_configuration_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:iu_developer2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:03

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 8.3
References () https://jvn.jp/vu/JVNVU90224831/ - Third Party Advisory () https://jvn.jp/vu/JVNVU90224831/ - Third Party Advisory
References () https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03 - Patch, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03 - Patch, Third Party Advisory, US Government Resource
References () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf - Vendor Advisory () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf - Vendor Advisory

Information

Published : 2022-02-11 18:15

Updated : 2024-11-21 05:03


NVD link : CVE-2020-14523

Mitre link : CVE-2020-14523

CVE.ORG link : CVE-2020-14523


JSON object : View

Products Affected

mitsubishielectric

  • mt_works2
  • rd78ghw_firmware
  • cw_configurator
  • rd78g32
  • rd78g4_firmware
  • melsoft_iq_appportal
  • mi_configurator
  • rd78g16_firmware
  • gx_works3
  • rd78g64_firmware
  • rd78g64
  • rd78ghv
  • rd78g32_firmware
  • iu_developer2
  • rd78ghv_firmware
  • mx_component
  • fr_configurator2
  • mr_configurator2
  • rd78g16
  • iu_configuration_tool
  • gx_works2
  • melsoft_navigator
  • rd78g4
  • rd78g8
  • rd78ghw
  • rt_toolbox3
  • rd78g8_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')