Lucene search

[email protected]CVE-2020-14521

HistoryFeb 11, 2022 - 6:15 p.m.

CVE-2020-14521

2022-02-1118:15:00

CWE-276

[email protected]

web.nvd.nist.gov

cve-2020-14521

mitsubishi electric

factory automation

engineering software

malicious code execution

vulnerability

information security

denial-of-service

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.9%

JSON

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

CPENameOperatorVersion
mitsubishielectric:cw_configuratormitsubishielectric cw configuratorle1.010l
mitsubishielectric:gx_logviewermitsubishielectric gx logviewerle1.100e
mitsubishielectric:melfa-worksmitsubishielectric melfa-worksle4.4
mitsubishielectric:rt_toolbox2mitsubishielectric rt toolbox2le3.73b
mitsubishielectric:fr_configurator_sw3mitsubishielectric fr configurator sw3eq*
mitsubishielectric:fr_configurator2mitsubishielectric fr configurator2eq*
mitsubishielectric:m_commdtm-io-linkmitsubishielectric m commdtm-io-linkeq*
mitsubishielectric:melsec_wincpu_setting_utilitymitsubishielectric melsec wincpu setting utilityeq*
mitsubishielectric:melsoft_em_software_development_kitmitsubishielectric melsoft em software development kiteq*
mitsubishielectric:mi_configuratormitsubishielectric mi configuratoreq*

CPE	Name	Operator	Version
mitsubishielectric:cw_configurator	mitsubishielectric cw configurator	le	1.010l
mitsubishielectric:gx_logviewer	mitsubishielectric gx logviewer	le	1.100e
mitsubishielectric:melfa-works	mitsubishielectric melfa-works	le	4.4
mitsubishielectric:rt_toolbox2	mitsubishielectric rt toolbox2	le	3.73b
mitsubishielectric:fr_configurator_sw3	mitsubishielectric fr configurator sw3	eq	*
mitsubishielectric:fr_configurator2	mitsubishielectric fr configurator2	eq	*
mitsubishielectric:m_commdtm-io-link	mitsubishielectric m commdtm-io-link	eq	*
mitsubishielectric:melsec_wincpu_setting_utility	mitsubishielectric melsec wincpu setting utility	eq	*
mitsubishielectric:melsoft_em_software_development_kit	mitsubishielectric melsoft em software development kit	eq	*
mitsubishielectric:mi_configurator	mitsubishielectric mi configurator	eq	*

Rows per page:

1-10 of 461

References

www.cisa.gov/uscert/ics/advisories/icsa-20-212-04

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-2020-14521

nessus1 prion1 ics1