Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-j3qh-9fj7-j65q
Vulnerability from github
Published
2022-05-20 00:00
Modified
2022-06-08 00:00
Severity ?
VLAI Severity ?
Details
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
{
"affected": [],
"aliases": [
"CVE-2020-14496"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-19T18:15:00Z",
"severity": "CRITICAL"
},
"details": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.",
"id": "GHSA-j3qh-9fj7-j65q",
"modified": "2022-06-08T00:00:33Z",
"published": "2022-05-20T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14496"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2020-14496 (GCVE-0-2020-14496)
Vulnerability from cvelistv5
Published
2022-05-19 17:24
Modified
2025-04-16 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-275 - Permission Issues
Summary
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:29:04.161678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:53:51.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CPU Module Logging Configuration Tool",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.100E",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "CW Configurator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.010L",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "Data Transfer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "3.40S",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "EZSocket",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "4.5",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "FR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.22Y",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "GT Designer3 Version1 (GOT2000)",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.235V",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "GT SoftGOT1000 Version3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "3.200J",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "GT SoftGOT1000 Version3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "GT SoftGOT2000 Version1",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.235V",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "GX LogViewer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.100E",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "GX Works2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.592S",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "GX Works3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.063R",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "M_CommDTM-HART",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All 1.00A"
}
]
},
{
"product": "M_CommDTM-IO-Link",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "MELFA-Works",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "4.3",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MELSEC WinCPU Setting Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "MELSOFT EM Software Development Kit (EM Configurator)",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.010L",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MELSOFT FieldDeviceConfigurator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.03D",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MELSOFT Navigator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "2.62Q",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MH11 SettingTool Version2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "2.002C",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MI Configurator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "Motorizer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.005F",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.105K",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MT Works2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.156N",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "MX Component",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "4.19V",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "Network Interface Board CC IE Control utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "Network Interface Board CC IE Field Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "Network Interface Board CC-Link Ver.2 Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "Network Interface Board MNETH utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "PX Developer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.52E",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "RT ToolBox2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "3.72A",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "RT ToolBox3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "1.70Y",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "Setting/monitoring tools for the C Controller module",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "CWE-275 Permission Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T17:24:43.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
],
"source": {
"advisory": "ICSA-20-212-02",
"discovery": "UNKNOWN"
},
"title": "Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14496",
"STATE": "PUBLIC",
"TITLE": "Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPU Module Logging Configuration Tool",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.100E"
}
]
}
},
{
"product_name": "CW Configurator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.010L"
}
]
}
},
{
"product_name": "Data Transfer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "3.40S"
}
]
}
},
{
"product_name": "EZSocket",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.5"
}
]
}
},
{
"product_name": "FR Configurator2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.22Y"
}
]
}
},
{
"product_name": "GT Designer3 Version1 (GOT2000)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.235V"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "3.200J"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "GT SoftGOT2000 Version1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.235V"
}
]
}
},
{
"product_name": "GX LogViewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.100E"
}
]
}
},
{
"product_name": "GX Works2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.592S"
}
]
}
},
{
"product_name": "GX Works3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.063R"
}
]
}
},
{
"product_name": "M_CommDTM-HART",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "1.00A"
}
]
}
},
{
"product_name": "M_CommDTM-IO-Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "MELFA-Works",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.3"
}
]
}
},
{
"product_name": "MELSEC WinCPU Setting Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "MELSOFT EM Software Development Kit (EM Configurator)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.010L"
}
]
}
},
{
"product_name": "MELSOFT FieldDeviceConfigurator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.03D"
}
]
}
},
{
"product_name": "MELSOFT Navigator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2.62Q"
}
]
}
},
{
"product_name": "MH11 SettingTool Version2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2.002C"
}
]
}
},
{
"product_name": "MI Configurator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Motorizer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.005F"
}
]
}
},
{
"product_name": "MR Configurator2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.105K"
}
]
}
},
{
"product_name": "MT Works2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.156N"
}
]
}
},
{
"product_name": "MX Component",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.19V"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Control utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Field Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board CC-Link Ver.2 Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board MNETH utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "PX Developer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.52E"
}
]
}
},
{
"product_name": "RT ToolBox2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "3.72A"
}
]
}
},
{
"product_name": "RT ToolBox3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.70Y"
}
]
}
},
{
"product_name": "Setting/monitoring tools for the C Controller module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
]
},
"source": {
"advisory": "ICSA-20-212-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14496",
"datePublished": "2022-05-19T17:24:43.000Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:53:51.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…