Lucene search

[email protected]CVE-2020-14496

HistoryMay 19, 2022 - 6:15 p.m.

CVE-2020-14496

2022-05-1918:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-14496

vulnerability

mitsubishi electric

factory automation

engineering software

privilege escalation

denial-of-service

information disclosure

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

CPENameOperatorVersion
mitsubishielectric:m_commdtm-hartmitsubishielectric m commdtm-hartlt1.01b
mitsubishielectric:gx_works3mitsubishielectric gx works3lt1.065t
mitsubishielectric:gx_works2mitsubishielectric gx works2lt1.595v
mitsubishielectric:gx_logviewermitsubishielectric gx logviewerlt1.106k
mitsubishielectric:gt_softgot2000mitsubishielectric gt softgot2000lt1.236w
mitsubishielectric:gt_softgot1000mitsubishielectric gt softgot1000lt3.245f
mitsubishielectric:gt_designer3mitsubishielectric gt designer3lt1.236w
mitsubishielectric:fr_configurator2mitsubishielectric fr configurator2lt1.23z
mitsubishielectric:ezsocketmitsubishielectric ezsocketlt4.6
mitsubishielectric:data_transfermitsubishielectric data transferlt3.41t

CPE	Name	Operator	Version
mitsubishielectric:m_commdtm-hart	mitsubishielectric m commdtm-hart	lt	1.01b
mitsubishielectric:gx_works3	mitsubishielectric gx works3	lt	1.065t
mitsubishielectric:gx_works2	mitsubishielectric gx works2	lt	1.595v
mitsubishielectric:gx_logviewer	mitsubishielectric gx logviewer	lt	1.106k
mitsubishielectric:gt_softgot2000	mitsubishielectric gt softgot2000	lt	1.236w
mitsubishielectric:gt_softgot1000	mitsubishielectric gt softgot1000	lt	3.245f
mitsubishielectric:gt_designer3	mitsubishielectric gt designer3	lt	1.236w
mitsubishielectric:fr_configurator2	mitsubishielectric fr configurator2	lt	1.23z
mitsubishielectric:ezsocket	mitsubishielectric ezsocket	lt	4.6
mitsubishielectric:data_transfer	mitsubishielectric data transfer	lt	3.41t

Rows per page:

1-10 of 291

References

www.cisa.gov/uscert/ics/advisories/icsa-20-212-02

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON

Related for CVE-2020-14496

ics1 prion2 cve1