CVE-2020-14521

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

11/02/2022

Last modified:

17/09/2024

Description

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

9.80

Severity 3.x

CRITICAL

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

7.50

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility::::::::
cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool::::::::
cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:::::::*
cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:::::::*
cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:::::::*
cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::		1.100e (including)
cpe:2.3:a:mitsubishielectric:cw_configurator::::::::		1.010l (including)
cpe:2.3:a:mitsubishielectric:data_transfer::::::::		3.42u (including)
cpe:2.3:a:mitsubishielectric:ezsocket::::::::		5.1 (including)
cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::
cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
cpe:2.3:a:mitsubishielectric:gt_designer2_classic::::::::
cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::	3.0 (including)	3.200j (including)
cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::	1.0 (including)	1.241b (including)
cpe:2.3:a:mitsubishielectric:gx_developer::::::::		8.504a (including)

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility::::::::
cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool::::::::
cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:::::::*
cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:::::::*
cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:::::::*
cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::		1.100e (including)
cpe:2.3:a:mitsubishielectric:cw_configurator::::::::		1.010l (including)
cpe:2.3:a:mitsubishielectric:data_transfer::::::::		3.42u (including)
cpe:2.3:a:mitsubishielectric:ezsocket::::::::		5.1 (including)
cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::
cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
cpe:2.3:a:mitsubishielectric:gt_designer2_classic::::::::
cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::	3.0 (including)	3.200j (including)
cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::	1.0 (including)	1.241b (including)
cpe:2.3:a:mitsubishielectric:gx_developer::::::::		8.504a (including)

CVE-2020-14521

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools