CVE-2020-14521

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-14521

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

M

ultiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:data_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gt_designer2_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gt_softgot1000:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_logviewer:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melfa-works:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_complete_clean_up_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:motion_control_setting:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:motorizer:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mtconnect_data_collector:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_mesinterface:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_mesinterface-r:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_sheet:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:position_board_utility_2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:px_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:rt_toolbox2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:setting\/monitoring_tools_for_the_c_controller_module:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:slmp_data_collector:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*
OR cpe:2.3:h:mitsubishielectric:got1000_series_gt10:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt11:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt12:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt14:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt15:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt16:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt21:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt23:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt25:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:got1000_series_gt27:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishielectric:network_interface_board_cc-link_ver.2_utility_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_control_utility_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_field_utility_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitsubishielectric:network_interface_board_mneth_utility_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:network_interface_board_mneth_utility:-:*:*:*:*:*:*:*
History

21 Nov 2024, 05:03

Type Values Removed Values Added
References () https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 - Third Party Advisory, US Government Resource
References () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf - Vendor Advisory () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf - Vendor Advisory
CVSS v2 : 7.5
v3 : 9.8 		v2 : 7.5
v3 : 8.3

17 Sep 2024, 00:15

Type Values Removed Values Added
Summary (en) Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. (en) Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
Information

Published : 2022-02-11 18:15

Updated : 2024-11-21 05:03

NVD link : CVE-2020-14521

Mitre link : CVE-2020-14521

CVE.ORG link : CVE-2020-14521

JSON object : View

Products Affected

mitsubishielectric

CWE
CWE-428

Unquoted Search Path or Element

CWE-276

Incorrect Default Permissions