CVE-2020-14521

Home/CVE/Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerabil

CVE

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerabil

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

HIGH · CVSS 8.3 EPSS 0.00583

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-276Incorrect Default Permissions

CWE-428Unquoted Search Path or Element

▤

Affected Products & Versions

mitsubishielectric c controller interface module utilityall versions
mitsubishielectric c controller module setting and monitoring toolall versions
mitsubishielectric cc-link ie control network data collectorall versions
mitsubishielectric cc-link ie field network data collectorall versions
mitsubishielectric cc-link ie tsn data collectorall versions
mitsubishielectric cpu module logging configuration tool<= 1.100e
mitsubishielectric cw configurator<= 1.010l
mitsubishielectric data transfer<= 3.42u
Show all 46 affected productsmitsubishielectric ezsocket<= 5.1
mitsubishielectric fr configurator sw3all versions
mitsubishielectric fr configurator2all versions
mitsubishielectric gt designer2 classicall versions
mitsubishielectric gt softgot1000>= 3.0 and <= 3.200j
mitsubishielectric gt softgot2000>= 1.0 and <= 1.241b
mitsubishielectric gx developer<= 8.504a
mitsubishielectric gx logviewer<= 1.100e
mitsubishielectric gx works2<= 1.601b
mitsubishielectric gx works3<= 1.063r
mitsubishielectric m commdtm-io-linkall versions
mitsubishielectric melfa-works<= 4.4
mitsubishielectric melsec wincpu setting utilityall versions
mitsubishielectric melsoft complete clean up tool<= 1.06g
mitsubishielectric melsoft em software development kitall versions
mitsubishielectric melsoft iq appportal<= 1.17t
mitsubishielectric melsoft navigator<= 2.74c
mitsubishielectric mi configuratorall versions
mitsubishielectric motion control setting<= 1.005f
mitsubishielectric motorizer<= 1.005f
mitsubishielectric mr configurator2<= 1.125f
mitsubishielectric mt works2<= 1.167z
mitsubishielectric mtconnect data collector<= 1.1.4.0
mitsubishielectric mx component<= 4.20w
mitsubishielectric mx mesinterface<= 1.21x
mitsubishielectric mx mesinterface-r<= 1.12n
mitsubishielectric mx sheet<= 2.15r
mitsubishielectric position board utility 2all versions
mitsubishielectric px developer<= 1.53f
mitsubishielectric rt toolbox2<= 3.73b
mitsubishielectric rt toolbox3<= 1.82l
mitsubishielectric setting\/monitoring tools for the c controller moduleall versions
mitsubishielectric slmp data collector<= 1.04e
mitsubishielectric gt designer3<= 1.241b
mitsubishielectric network interface board cc-link ver.2 utility firmwareall versions
mitsubishielectric network interface board cc ie control utility firmwareall versions
mitsubishielectric network interface board cc ie field utility firmwareall versions
mitsubishielectric network interface board mneth utility firmwareall versions

▣

Scoring & Timeline

8.3

HIGH · CVSS v3.1 · ics-cert@hq.dhs.gov

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD11 Feb 2022 · 06:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

cisa-csafcisa-csaf-csaf_files-OT-white-2020-icsa-20-212-04

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdfVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin