CVE-2020-14521

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04	Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility::::::::
	cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool::::::::
	cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:::::::*
	cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:::::::*
	cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:::::::*
	cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::
	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
	cpe:2.3:a:mitsubishielectric:data_transfer::::::::
	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:gt_designer2_classic::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::
	cpe:2.3:a:mitsubishielectric:gx_developer::::::::
	cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:m_commdtm-io-link::::::::
	cpe:2.3:a:mitsubishielectric:melfa-works::::::::
	cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_complete_clean_up_tool::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_navigator::::::::
	cpe:2.3:a:mitsubishielectric:mi_configurator::::::::
	cpe:2.3:a:mitsubishielectric:motion_control_setting::::::::
	cpe:2.3:a:mitsubishielectric:motorizer::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:mt_works2::::::::
	cpe:2.3:a:mitsubishielectric:mtconnect_data_collector::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::
	cpe:2.3:a:mitsubishielectric:mx_mesinterface::::::::
	cpe:2.3:a:mitsubishielectric:mx_mesinterface-r::::::::
	cpe:2.3:a:mitsubishielectric:mx_sheet::::::::
	cpe:2.3:a:mitsubishielectric:position_board_utility_2::::::::
	cpe:2.3:a:mitsubishielectric:px_developer::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox2::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::
	cpe:2.3:a:mitsubishielectric:setting\/monitoring_tools_for_the_c_controller_module::::::::
	cpe:2.3:a:mitsubishielectric:slmp_data_collector::::::::

Configuration 2 (hide)

AND

cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mitsubishielectric:got1000_series_gt10:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt11:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt12:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt14:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt15:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt16:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt21:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt23:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt25:-:::::::*
	cpe:2.3:h:mitsubishielectric:got1000_series_gt27:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_cc-link_ver.2_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_control_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_field_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mitsubishielectric:network_interface_board_mneth_utility_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:network_interface_board_mneth_utility:-:*:*:*:*:*:*:*

History

17 Sep 2024, 00:15

Type	Values Removed	Values Added
Summary	(en) Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.	(en) Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

10 Mar 2022, 16:42

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility:-:::::::* cpe:2.3:a:mitsubishielectric:slmp_data_collector:-:::::::* cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:::::::* cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:::::::* cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:::::::* cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:-:::::::* cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit:-:::::::* cpe:2.3:a:mitsubishielectric:got2000:::::::: cpe:2.3:a:mitsubishielectric:setting\/monitoring_tools_for_the_c_controller_module:-:::::::* cpe:2.3:a:mitsubishielectric:mi_configurator:-:::::::* cpe:2.3:a:mitsubishielectric:got1000:::::::: cpe:2.3:a:mitsubishielectric:fr_configurator2:-:::::::* cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:-:::::::* cpe:2.3:a:mitsubishielectric:position_board_utility_2:-:::::::* cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool:-:::::::* cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility:-:::::::* cpe:2.3:a:mitsubishielectric:gt_designer2_classic:-:::::::*	cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:::::::: cpe:2.3:a:mitsubishielectric:gt_designer2_classic:::::::: cpe:2.3:a:mitsubishielectric:gt_designer3:::::::: cpe:2.3:h:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt11:-:::::::* cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit:::::::: cpe:2.3:h:mitsubishielectric:got1000_series_gt15:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt16:-:::::::* cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt21:-:::::::* cpe:2.3:h:mitsubishielectric:network_interface_board_mneth_utility:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt10:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt27:-:::::::* cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_field_utility_firmware:::::::: cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:::::::* cpe:2.3:o:mitsubishielectric:network_interface_board_cc-link_ver.2_utility_firmware:::::::: cpe:2.3:h:mitsubishielectric:got1000_series_gt12:-:::::::* cpe:2.3:a:mitsubishielectric:position_board_utility_2:::::::: cpe:2.3:a:mitsubishielectric:mi_configurator:::::::: cpe:2.3:a:mitsubishielectric:slmp_data_collector:::::::: cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool:::::::: cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:::::::: cpe:2.3:a:mitsubishielectric:fr_configurator2:::::::: cpe:2.3:h:mitsubishielectric:got1000_series_gt23:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt14:-:::::::* cpe:2.3:h:mitsubishielectric:got1000_series_gt25:-:::::::* cpe:2.3:a:mitsubishielectric:setting\/monitoring_tools_for_the_c_controller_module:::::::: cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility:::::::: cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_control_utility_firmware:::::::: cpe:2.3:o:mitsubishielectric:network_interface_board_mneth_utility_firmware::::::::

22 Feb 2022, 18:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mitsubishielectric:gt_softgot1000:::::::: cpe:2.3:a:mitsubishielectric:mx_mesinterface-r:::::::: cpe:2.3:a:mitsubishielectric:px_developer:::::::: cpe:2.3:a:mitsubishielectric:got1000:::::::: cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit:-:::::::* cpe:2.3:a:mitsubishielectric:mt_works2:::::::: cpe:2.3:a:mitsubishielectric:gx_works3:::::::: cpe:2.3:a:mitsubishielectric:mx_mesinterface:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:::::::* cpe:2.3:a:mitsubishielectric:setting\/monitoring_tools_for_the_c_controller_module:-:::::::* cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:::::::* cpe:2.3:a:mitsubishielectric:fr_configurator2:-:::::::* cpe:2.3:a:mitsubishielectric:gt_softgot2000:::::::: cpe:2.3:a:mitsubishielectric:melsoft_navigator:::::::: cpe:2.3:a:mitsubishielectric:rt_toolbox2:::::::: cpe:2.3:a:mitsubishielectric:motion_control_setting:::::::: cpe:2.3:a:mitsubishielectric:gt_designer2_classic:-:::::::* cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:::::::* cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:::::::* cpe:2.3:a:mitsubishielectric:cw_configurator:::::::: cpe:2.3:a:mitsubishielectric:melsoft_complete_clean_up_tool:::::::: cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility:::::::: cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:::::::: cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility:-:::::::* cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:::::::: cpe:2.3:a:mitsubishielectric:mi_configurator:-:::::::* cpe:2.3:a:mitsubishielectric:ezsocket:::::::: cpe:2.3:a:mitsubishielectric:got2000:::::::: cpe:2.3:a:mitsubishielectric:gx_works2:::::::: cpe:2.3:a:mitsubishielectric:data_transfer:::::::: cpe:2.3:a:mitsubishielectric:position_board_utility_2:-:::::::* cpe:2.3:a:mitsubishielectric:slmp_data_collector:-:::::::* cpe:2.3:a:mitsubishielectric:melfa-works:::::::: cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:-:::::::* cpe:2.3:a:mitsubishielectric:mx_component:::::::: cpe:2.3:a:mitsubishielectric:mr_configurator2:::::::: cpe:2.3:a:mitsubishielectric:rt_toolbox3:::::::: cpe:2.3:a:mitsubishielectric:motorizer:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility:-:::::::* cpe:2.3:a:mitsubishielectric:gx_logviewer:::::::: cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:::::::* cpe:2.3:a:mitsubishielectric:gx_developer:::::::: cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool:-:::::::* cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:-:::::::* cpe:2.3:a:mitsubishielectric:mtconnect_data_collector:::::::: cpe:2.3:a:mitsubishielectric:mx_sheet:::::::: cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:::::::*
References	~~(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf -~~	(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf - Vendor Advisory
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CWE		CWE-276

17 Feb 2022, 15:15

Type	Values Removed	Values Added
References		(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf -

11 Feb 2022, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-11 18:15

Updated : 2024-09-17 00:15

NVD link : CVE-2020-14521

Mitre link : CVE-2020-14521

CVE.ORG link : CVE-2020-14521

JSON object : View

Products Affected

mitsubishielectric

gt_softgot2000
px_developer
network_interface_board_cc-link_ver.2_utility_firmware
network_interface_board_cc_ie_field_utility_firmware
motorizer
network_interface_board_mneth_utility_firmware
gx_works3
cc-link_ie_field_network_data_collector
cpu_module_logging_configuration_tool
m_commdtm-io-link
mx_mesinterface-r
gt_softgot1000
got1000_series_gt14
got1000_series_gt25
cc-link_ie_tsn_data_collector
network_interface_board_cc-link_ver.2_utility
got1000_series_gt11
network_interface_board_cc_ie_control_utility
melsec_wincpu_setting_utility
motion_control_setting
network_interface_board_mneth_utility
c_controller_module_setting_and_monitoring_tool
c_controller_interface_module_utility
mr_configurator2
setting\/monitoring_tools_for_the_c_controller_module
got1000_series_gt23
ezsocket
got1000_series_gt12
mx_mesinterface
network_interface_board_cc_ie_control_utility_firmware
melsoft_iq_appportal
melsoft_navigator
mx_component
mx_sheet
gx_works2
gt_designer2_classic
melfa-works
got1000_series_gt15
network_interface_board_cc_ie_field_utility
melsoft_complete_clean_up_tool
fr_configurator_sw3
got1000_series_gt10
mi_configurator
fr_configurator2
rt_toolbox3
gx_developer
position_board_utility_2
rt_toolbox2
gx_logviewer
gt_designer3
cw_configurator
data_transfer
got1000_series_gt21
mt_works2
got1000_series_gt16
cc-link_ie_control_network_data_collector
mtconnect_data_collector
slmp_data_collector
melsoft_em_software_development_kit
got1000_series_gt27

CWE

CWE-276

Incorrect Default Permissions

CWE-428

Unquoted Search Path or Element

9.8 /10