CVE-2020-14496

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

CVSS v3 8.3 HIGH
CVSS v2.0 7.5 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::
	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
	cpe:2.3:a:mitsubishielectric:data_transfer::::::::
	cpe:2.3:a:mitsubishielectric:em_configurator::::::::
	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:gt_designer3::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::
	cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:m_commdtm-hart::::::::
	cpe:2.3:a:mitsubishielectric:m_commdtm-io-link::::::::
	cpe:2.3:a:mitsubishielectric:melfa-works::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_fielddeviceconfigurator::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_navigator::::::::
	cpe:2.3:a:mitsubishielectric:mh11_settingtool_version2::::::::
	cpe:2.3:a:mitsubishielectric:motorizer::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:mt_works2::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility::::::::
	cpe:2.3:a:mitsubishielectric:px_developer::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox2::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::

History

21 Nov 2024, 05:03

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~7.5~~ v3 : ~~9.8~~	v2 : 7.5 v3 : 8.3

07 Jun 2022, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CPE		cpe:2.3:a:mitsubishielectric:melsoft_fielddeviceconfigurator:::::::: cpe:2.3:a:mitsubishielectric:em_configurator:::::::: cpe:2.3:a:mitsubishielectric:gt_designer3:::::::: cpe:2.3:a:mitsubishielectric:mx_component:::::::: cpe:2.3:a:mitsubishielectric:melsoft_navigator:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility:::::::: cpe:2.3:a:mitsubishielectric:motorizer:::::::: cpe:2.3:a:mitsubishielectric:data_transfer:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:::::::: cpe:2.3:a:mitsubishielectric:gt_softgot2000:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility:::::::: cpe:2.3:a:mitsubishielectric:gx_works2:::::::: cpe:2.3:a:mitsubishielectric:px_developer:::::::: cpe:2.3:a:mitsubishielectric:mh11_settingtool_version2:::::::: cpe:2.3:a:mitsubishielectric:fr_configurator2:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility:::::::: cpe:2.3:a:mitsubishielectric:cw_configurator:::::::: cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:::::::: cpe:2.3:a:mitsubishielectric:m_commdtm-hart:::::::: cpe:2.3:a:mitsubishielectric:gx_works3:::::::: cpe:2.3:a:mitsubishielectric:rt_toolbox2:::::::: cpe:2.3:a:mitsubishielectric:gx_logviewer:::::::: cpe:2.3:a:mitsubishielectric:mt_works2:::::::: cpe:2.3:a:mitsubishielectric:rt_toolbox3:::::::: cpe:2.3:a:mitsubishielectric:melfa-works:::::::: cpe:2.3:a:mitsubishielectric:ezsocket:::::::: cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:::::::: cpe:2.3:a:mitsubishielectric:mr_configurator2:::::::: cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::
CWE	~~CWE-275~~	NVD-CWE-noinfo
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 - Third Party Advisory, US Government Resource

19 May 2022, 18:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-19 18:15

Updated : 2024-11-21 05:03

NVD link : CVE-2020-14496

Mitre link : CVE-2020-14496

CVE.ORG link : CVE-2020-14496

JSON object : View

Products Affected

mitsubishielectric

px_developer
network_interface_board_cc_ie_field_utility
network_interface_board_cc_ie_control_utility
mr_configurator2
cpu_module_logging_configuration_tool
gt_designer3
gt_softgot1000
fr_configurator2
cw_configurator
motorizer
ezsocket
gx_logviewer
gt_softgot2000
em_configurator
melsoft_navigator
m_commdtm-hart
mt_works2
melfa-works
network_interface_board_cc-link_ver.2_utility
rt_toolbox3
gx_works2
network_interface_board_mneth_utility
m_commdtm-io-link
mx_component
data_transfer
mh11_settingtool_version2
gx_works3
rt_toolbox2
melsoft_fielddeviceconfigurator

CWE

CWE-275

Permission Issues

NVD-CWE-noinfo

{"id": "CVE-2020-14496", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-05-19T18:15:08.360", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-275"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed."}, {"lang": "es", "value": "Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad para m\u00faltiples Productos Mitsubishi Electric Factory Automation Engineering Software de varias versiones podr\u00eda permitir a un atacante escalar privilegios y ejecutar programas maliciosos, lo que podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio, y permitir que la informaci\u00f3n sea divulgada, manipulada y/o destruida"}], "lastModified": "2024-11-21T05:03:23.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A02BE6-633A-4A94-890C-586B3A42E19F", "versionEndExcluding": "1.106k"}, {"criteria": "cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60875630-C0F2-434E-8D11-51B44F62CBA5", "versionEndExcluding": "1.011m"}, {"criteria": "cpe:2.3:a:mitsubishielectric:data_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE83331F-B795-410A-8510-351945025444", "versionEndExcluding": "3.41t"}, {"criteria": "cpe:2.3:a:mitsubishielectric:em_configurator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0A01F0C-0B10-4906-9389-4D53AE3CD7FD", "versionEndExcluding": "1.015r"}, {"criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FFEA10-20FA-4B73-ACA5-AB7462820123", "versionEndExcluding": "4.6"}, {"criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2877EB49-8A69-426B-B7EB-87DEF3975562", "versionEndExcluding": "1.23z"}, {"criteria": "cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3393020-A6E6-431A-B572-E28948F6A970", "versionEndExcluding": "1.236w"}, {"criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot1000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DC963D1-281A-48DE-B822-5254643C98E7", "versionEndExcluding": "3.245f"}, {"criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20E2D739-F982-4ED4-ADFB-505777CF9888", "versionEndExcluding": "1.236w"}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_logviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0809A627-EEC8-475E-997F-E3FAE2C39261", "versionEndExcluding": "1.106k"}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F2B0AC1-1BEC-4D79-9995-527E3A770A66", "versionEndExcluding": "1.595v"}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80BF474D-E018-4612-93FD-F3A661C13A6D", "versionEndExcluding": "1.065t"}, {"criteria": "cpe:2.3:a:mitsubishielectric:m_commdtm-hart:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9ECB87-B07E-4E52-BF3F-8AD4AA03826B", "versionEndExcluding": "1.01b"}, {"criteria": "cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50FA8FAD-3DF4-453C-A55C-5F622DD76460", "versionEndExcluding": "1.04e"}, {"criteria": "cpe:2.3:a:mitsubishielectric:melfa-works:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED888C84-4CD8-464A-A3A0-F623EB0F4920", "versionEndExcluding": "4.4"}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_fielddeviceconfigurator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE1E2976-38B4-4B1B-AC01-B3D8C26A1BB2", "versionEndExcluding": "1.04e"}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01D32795-831A-43D6-9F90-82A67F5E9081", "versionEndExcluding": "2.70y"}, {"criteria": "cpe:2.3:a:mitsubishielectric:mh11_settingtool_version2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A6DE218-D030-4DDF-B504-B176DFE7662A", "versionEndExcluding": "2.003d"}, {"criteria": "cpe:2.3:a:mitsubishielectric:motorizer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FD24F8E-869B-413A-9BF1-555CF827F3C9", "versionEndExcluding": "1.010l"}, {"criteria": "cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "470498DC-4A30-4EC2-B9C7-B5348D2F1381", "versionEndExcluding": "1.106l"}, {"criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7926DBE1-335C-40E2-AD74-AE89DC9A0095", "versionEndExcluding": "1.160s"}, {"criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCBBBA97-3C41-423F-8534-098070E49A97", "versionEndExcluding": "4.20w"}, {"criteria": "cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CFA2E01-1D66-40D6-8575-0E216376CC25", "versionEndExcluding": "1.24a"}, {"criteria": "cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBC15323-7468-4688-A9C2-01208B4849A4", "versionEndExcluding": "1.30g"}, {"criteria": "cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F605A144-5A10-44C9-94DC-3B0D66E39431", "versionEndExcluding": "1.17t"}, {"criteria": "cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54DBB417-5543-4AEB-9467-6197868C8C18", "versionEndExcluding": "35m"}, {"criteria": "cpe:2.3:a:mitsubishielectric:px_developer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9987641F-1BD4-445A-86E4-778CFFFFEBD2", "versionEndExcluding": "1.53f"}, {"criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A11F999D-CE97-49B6-9AF3-DD32D0E0779F", "versionEndExcluding": "3.73b"}, {"criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03CE992-45F6-48EA-BE86-0041F0CDBEF7", "versionEndExcluding": "1.80j"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}

8.3 /10