CVE-2020-14521

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
icscertCNA
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
mitsubishielectricc_controller_interface_module_utility
*
mitsubishielectricc_controller_module_setting_and_monitoring_tool
*
mitsubishielectriccc-link_ie_control_network_data_collector
1.00a:a
mitsubishielectriccc-link_ie_field_network_data_collector
1.00a:a
mitsubishielectriccc-link_ie_tsn_data_collector
1.00a:a
mitsubishielectriccpu_module_logging_configuration_tool
𝑥
≤ 1.100e
mitsubishielectriccw_configurator
𝑥
≤ 1.010l
mitsubishielectricdata_transfer
𝑥
≤ 3.42u
mitsubishielectricezsocket
𝑥
≤ 5.1
mitsubishielectricfr_configurator_sw3
*
mitsubishielectricfr_configurator2
*
mitsubishielectricgt_designer2_classic
*
mitsubishielectricgt_softgot1000
3.0 ≤
𝑥
≤ 3.200j
mitsubishielectricgt_softgot2000
1.0 ≤
𝑥
≤ 1.241b
mitsubishielectricgx_developer
𝑥
≤ 8.504a
mitsubishielectricgx_logviewer
𝑥
≤ 1.100e
mitsubishielectricgx_works2
𝑥
≤ 1.601b
mitsubishielectricgx_works3
𝑥
≤ 1.063r
mitsubishielectricm_commdtm-io-link
*
mitsubishielectricmelfa-works
𝑥
≤ 4.4
mitsubishielectricmelsec_wincpu_setting_utility
*
mitsubishielectricmelsoft_complete_clean_up_tool
𝑥
≤ 1.06g
mitsubishielectricmelsoft_em_software_development_kit
*
mitsubishielectricmelsoft_iq_appportal
𝑥
≤ 1.17t
mitsubishielectricmelsoft_navigator
𝑥
≤ 2.74c
mitsubishielectricmi_configurator
*
mitsubishielectricmotion_control_setting
𝑥
≤ 1.005f
mitsubishielectricmotorizer
𝑥
≤ 1.005f
mitsubishielectricmr_configurator2
𝑥
≤ 1.125f
mitsubishielectricmt_works2
𝑥
≤ 1.167z
mitsubishielectricmtconnect_data_collector
𝑥
≤ 1.1.4.0
mitsubishielectricmx_component
𝑥
≤ 4.20w
mitsubishielectricmx_mesinterface
𝑥
≤ 1.21x
mitsubishielectricmx_mesinterface-r
𝑥
≤ 1.12n
mitsubishielectricmx_sheet
𝑥
≤ 2.15r
mitsubishielectricposition_board_utility_2
*
mitsubishielectricpx_developer
𝑥
≤ 1.53f
mitsubishielectricrt_toolbox2
𝑥
≤ 3.73b
mitsubishielectricrt_toolbox3
𝑥
≤ 1.82l
mitsubishielectricsetting\/monitoring_tools_for_the_c_controller_module
*
mitsubishielectricslmp_data_collector
𝑥
≤ 1.04e
mitsubishielectricgt_designer3
𝑥
≤ 1.241b
mitsubishielectricnetwork_interface_board_cc-link_ver.2_utility_firmware
*
mitsubishielectricnetwork_interface_board_cc_ie_control_utility_firmware
*
mitsubishielectricnetwork_interface_board_cc_ie_field_utility_firmware
*
mitsubishielectricnetwork_interface_board_mneth_utility_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf