fkie_cve-2020-14521
Vulnerability from fkie_nvd
Published
2022-02-11 18:15
Modified
2024-11-21 05:03
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
References
▶ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "23DA824B-6169-477E-ABE6-251673287DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DB4A4DA-DBC0-42A8-B933-933DE45F004D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:*:*:*:*:*:*:*", "matchCriteriaId": "147760E8-B888-481C-8669-C989B96CD642", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:*:*:*:*:*:*:*", "matchCriteriaId": "DD410E22-1E58-412B-8A03-2BDE25714E89", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:*:*:*:*:*:*:*", "matchCriteriaId": "82B337E7-3656-445B-9EA1-FEFC80C37819", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFB022B0-D30E-4EA9-BDB3-BD5784144F45", "versionEndIncluding": "1.100e", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*", "matchCriteriaId": "892E3CDC-AFC4-4EF1-AF46-3F161603DDB1", "versionEndIncluding": "1.010l", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:data_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "45BCA319-1B52-468E-BB59-A2AA2C491361", "versionEndIncluding": "3.42u", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0BF4793-8A65-4CB6-9B62-4388CBD84033", "versionEndIncluding": "5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:*:*:*:*:*:*:*:*", "matchCriteriaId": "D236ABC2-93E4-4428-B949-7E17945E4D98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED78B28-BBBF-4869-BC1C-F0789867FB4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gt_designer2_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B2B348C-0C2E-43A7-A606-102CB0E08B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot1000:*:*:*:*:*:*:*:*", "matchCriteriaId": "F21C6BDF-DD7F-4462-9F74-4A91E4BA936C", "versionEndIncluding": "3.200j", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEF6E106-73A6-403B-A731-0372521E412D", "versionEndIncluding": "1.241b", "versionStartIncluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gx_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "5589F3F2-0857-4D95-9F63-EE66452BE566", "versionEndIncluding": "8.504a", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gx_logviewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "591B76E1-665F-4473-8A65-B8549B61807F", "versionEndIncluding": "1.100e", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E36C451-A531-4EEB-9574-0AC0116D910D", "versionEndIncluding": "1.601b", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE537EF6-72AE-4091-AF6E-9959C3F45632", "versionEndIncluding": "1.063r", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:*:*:*:*:*:*:*:*", "matchCriteriaId": "87B55AB8-B00D-4960-9F31-45E1855B109E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:melfa-works:*:*:*:*:*:*:*:*", "matchCriteriaId": "4116C452-19C3-4F48-8A05-864BD884BDD0", "versionEndIncluding": "4.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C51CF8E-49C1-418C-B410-50B23F9A23D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_complete_clean_up_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6D30BBF-E50B-4C27-9A33-902D05F987AD", "versionEndIncluding": "1.06g", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "724C0E0B-5658-4040-A925-A07128EAD323", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F2EA556-367B-4F32-99D2-C685742CCAEE", "versionEndIncluding": "1.17t", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DC7353B-EFF7-432D-8F88-0D5EBBBBE4C0", "versionEndIncluding": "2.74c", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*", "matchCriteriaId": "A661B972-912C-4DAA-9518-CC01E0EB1A81", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:motion_control_setting:*:*:*:*:*:*:*:*", "matchCriteriaId": "12866465-10B2-4D45-B693-AE8C0EF34ADF", "versionEndIncluding": "1.005f", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:motorizer:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D82696C-937C-4B49-B748-006A6E836B03", "versionEndIncluding": "1.005f", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEDAE974-4101-4B93-8DB5-8E93882AE3C5", "versionEndIncluding": "1.125f", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*", "matchCriteriaId": "57031F64-353E-403C-B7F8-0A145E70CBE7", "versionEndIncluding": "1.167z", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mtconnect_data_collector:*:*:*:*:*:*:*:*", "matchCriteriaId": "2561FAAC-19E7-48EE-AC80-8F9965EB2B2A", "versionEndIncluding": "1.1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0C9B5B3-D4F6-4E00-89B4-964516BB989B", "versionEndIncluding": "4.20w", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mx_mesinterface:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F84606A-A815-4A4C-9B7A-3A47449044D8", "versionEndIncluding": "1.21x", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mx_mesinterface-r:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3CBAD07-E3E5-45C3-9208-B2F891D879F3", "versionEndIncluding": "1.12n", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:mx_sheet:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA891D85-4E28-4AA6-8393-5EC58C4BD923", "versionEndIncluding": "2.15r", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:position_board_utility_2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4AC335D-3FF8-42A6-9567-023248CF7256", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:px_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "445EF081-A7BB-4568-850F-00CF58060D62", "versionEndIncluding": "1.53f", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox2:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD4EC4A-ACF7-45F2-893D-569B4F8F8909", "versionEndIncluding": "3.73b", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*", "matchCriteriaId": "779B0C13-D3DD-4D27-B18B-C0119B7BC5CB", "versionEndIncluding": "1.82l", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:setting\\/monitoring_tools_for_the_c_controller_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "85CBC7FE-6EF9-4DA5-8128-849233A8DC72", "vulnerable": true }, { "criteria": "cpe:2.3:a:mitsubishielectric:slmp_data_collector:*:*:*:*:*:*:*:*", "matchCriteriaId": "8814A8BA-AA54-4270-AAB1-679D0881D715", "versionEndIncluding": "1.04e", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AFD554-F595-4B11-92DC-5655E8203C76", "versionEndIncluding": "1.241b", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt10:-:*:*:*:*:*:*:*", "matchCriteriaId": "70B37C4A-147A-4A7D-8F29-E2C366B54D68", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt11:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AB71211-39CF-4AB7-8D7A-B6FC5C2A9FBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt12:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E639243-577F-4787-8724-C1FEC886631D", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt14:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3BD1AB4-3A3D-46CD-B613-3E3613AAA273", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt15:-:*:*:*:*:*:*:*", "matchCriteriaId": "29141984-191A-4A36-996D-9B60830CEA60", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt16:-:*:*:*:*:*:*:*", "matchCriteriaId": "647842FC-AC89-462E-9856-3BB1E469CB52", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt21:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EFBF467-8492-4CFB-8669-424A71B3CBAF", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt23:-:*:*:*:*:*:*:*", "matchCriteriaId": "1379891B-B1EC-433F-918B-8E9A4FBC0352", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt25:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ADE2CDE-AB27-42DD-B4C0-1F4B2F55FE88", "vulnerable": false }, { "criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt27:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AD87755-DECB-4007-970F-A082EE983EB6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_cc-link_ver.2_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5162D96A-EFDD-4679-B9A1-76CDAF00CA58", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "43223F6D-B64C-49D7-8A04-DDB09B6D698E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_control_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF03D46-5539-432E-B67B-1D4494D3BBD6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8ABB436-86C7-49BB-B95B-FD61BE60BAD5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_field_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "95873A25-2480-45F1-8FE3-D190AE9A824B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A756E0D-EB80-4601-B07A-4F5ECD8D424F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_mneth_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64CEB2D6-0113-47E9-A238-373472907CE5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_mneth_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "03EAB2BF-B0EF-4899-BF6D-3C0975462178", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition." }, { "lang": "es", "value": "diversos productos de software de ingenier\u00eda de Mitsubishi Electric Factory Automation presentan una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo malicioso. Un atacante malicioso podr\u00eda usar esta vulnerabilidad para obtener informaci\u00f3n, modificar informaci\u00f3n y causar una condici\u00f3n de denegaci\u00f3n de servicio" } ], "id": "CVE-2020-14521", "lastModified": "2024-11-21T05:03:26.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-11T18:15:08.513", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-428" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…