CVE-2020-14521

EPSS 0.24%
Veröffentlicht 11.02.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 05:03:26
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ C Controller Interface Module Utility

Mitsubishielectric ≫ C Controller Module Setting And Monitoring Tool

Mitsubishielectric ≫ Cc-link Ie Control Network Data Collector Version1.00a

Mitsubishielectric ≫ Cc-link Ie Field Network Data Collector Version1.00a

Mitsubishielectric ≫ Cc-link Ie Tsn Data Collector Version1.00a

Mitsubishielectric ≫ Cpu Module Logging Configuration Tool Version <= 1.100e

Mitsubishielectric ≫ Cw Configurator Version <= 1.010l

Mitsubishielectric ≫ Data Transfer Version <= 3.42u

Mitsubishielectric ≫ Ezsocket Version <= 5.1

Mitsubishielectric ≫ Fr Configurator Sw3

Mitsubishielectric ≫ Fr Configurator2

Mitsubishielectric ≫ Gt Designer2 Classic

Mitsubishielectric ≫ Gt Softgot1000 Version >= 3.0 <= 3.200j

Mitsubishielectric ≫ Gt Softgot2000 Version >= 1.0 <= 1.241b

Mitsubishielectric ≫ Gx Developer Version <= 8.504a

Mitsubishielectric ≫ Gx Logviewer Version <= 1.100e

Mitsubishielectric ≫ Gx Works2 Version <= 1.601b

Mitsubishielectric ≫ Gx Works3 Version <= 1.063r

Mitsubishielectric ≫ M Commdtm-io-link

Mitsubishielectric ≫ Melfa-works Version <= 4.4

Mitsubishielectric ≫ Melsec Wincpu Setting Utility

Mitsubishielectric ≫ Melsoft Complete Clean Up Tool Version <= 1.06g

Mitsubishielectric ≫ Melsoft Em Software Development Kit

Mitsubishielectric ≫ Melsoft Iq Appportal Version <= 1.17t

Mitsubishielectric ≫ Melsoft Navigator Version <= 2.74c

Mitsubishielectric ≫ Mi Configurator

Mitsubishielectric ≫ Motion Control Setting Version <= 1.005f

Mitsubishielectric ≫ Motorizer Version <= 1.005f

Mitsubishielectric ≫ Mr Configurator2 Version <= 1.125f

Mitsubishielectric ≫ Mt Works2 Version <= 1.167z

Mitsubishielectric ≫ Mtconnect Data Collector Version <= 1.1.4.0

Mitsubishielectric ≫ Mx Component Version <= 4.20w

Mitsubishielectric ≫ Mx Mesinterface Version <= 1.21x

Mitsubishielectric ≫ Mx Mesinterface-r Version <= 1.12n

Mitsubishielectric ≫ Mx Sheet Version <= 2.15r

Mitsubishielectric ≫ Position Board Utility 2

Mitsubishielectric ≫ Px Developer Version <= 1.53f

Mitsubishielectric ≫ Rt Toolbox2 Version <= 3.73b

Mitsubishielectric ≫ Rt Toolbox3 Version <= 1.82l

Mitsubishielectric ≫ Setting/monitoring Tools For The C Controller Module

Mitsubishielectric ≫ Slmp Data Collector Version <= 1.04e

Mitsubishielectric ≫ Gt Designer3 Version <= 1.241b

Mitsubishielectric ≫ Network Interface Board Cc-link Ver.2 Utility Firmware

Mitsubishielectric ≫ Network Interface Board Cc-link Ver.2 Utility Version-

Mitsubishielectric ≫ Network Interface Board Cc Ie Control Utility Firmware

Mitsubishielectric ≫ Network Interface Board Cc Ie Control Utility Version-

Mitsubishielectric ≫ Network Interface Board Cc Ie Field Utility Firmware

Mitsubishielectric ≫ Network Interface Board Cc Ie Field Utility Version-

Mitsubishielectric ≫ Network Interface Board Mneth Utility Firmware

Mitsubishielectric ≫ Network Interface Board Mneth Utility Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.474

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
ics-cert@hq.dhs.gov	8.3	1.6	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04

Third Party Advisory

US Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-14521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14521

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-14521