History: Feb 19, 2021 - 8:15 p.m.

CVE-2021-20587

2021-02-19 20:15:12
CWE-787
web.nvd.nist.gov
cve-2021-20587
mitsubishi electric
fa engineering software
buffer overflow
vulnerability
remote attacker
dos
malicious program

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8 High
Confidence: High

EPSS: 0.007 Low
Percentile: 80.6%

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Affected configurations

NVD
Node (entries combined with OR)

Vendor | Product | Version
mitsubishielectric | c_controller_module_setting_and_monitoring_tool |
mitsubishielectric | cpu_module_logging_configuration_tool | Range 1.112r
mitsubishielectric | cw_configurator | Range 1.011m
mitsubishielectric | data_transfer | Range 3.44w
mitsubishielectric | ezsocket |
mitsubishielectric | fr_configurator |
mitsubishielectric | fr_configurator_sw3 |
mitsubishielectric | fr_configurator2 | Range 1.24a
mitsubishielectric | gt_designer3 | Range 1.250l
mitsubishielectric | gt_softgot1000 | Range 3.245f
mitsubishielectric | gt_softgot2000 | Range 1.250l
mitsubishielectric | gx_configurator-dp | Range 7.14q
mitsubishielectric | gx_configurator-qp |
mitsubishielectric | gx_developer | Range 8.506c
mitsubishielectric | gx_explorer |
mitsubishielectric | gx_iec_developer |
mitsubishielectric | gx_logviewer | Range 1.115u
mitsubishielectric | gx_remoteservice-i |
mitsubishielectric | gx_works2 | Range 1.597x
mitsubishielectric | gx_works3 | Range 1.070y
mitsubishielectric | iq_monozukuri_andon | Match -
mitsubishielectric | iq_monozukuri_process_remote_monitoring | Match -
mitsubishielectric | m_commdtm-hart |
mitsubishielectric | m_commdtm-io-link |
mitsubishielectric | melfa-works | Range 4.4
mitsubishielectric | melsec_wincpu_setting_utility |
mitsubishielectric | melsoft_em_software_development_kit |
mitsubishielectric | melsoft_navigator | Range 2.74c
mitsubishielectric | mh11_settingtool_version2 | Range 2.004e
mitsubishielectric | mi_configurator |
mitsubishielectric | mt_works2 | Range 1.167z
mitsubishielectric | mx_component | Range 5.001b
mitsubishielectric | network_interface_board_cc-link |
mitsubishielectric | network_interface_board_cc_ie_control_utility |
mitsubishielectric | network_interface_board_cc_ie_field_utility |
mitsubishielectric | network_interface_board_mneth_utility |
mitsubishielectric | px_developer | Range 1.53f
mitsubishielectric | rt_toolbox2 | Range 3.73b
mitsubishielectric | rt_toolbox3 | Range 1.82l
mitsubishielectric | setting\/monitoring_tools_for_the_c_controller_module |
mitsubishielectric | slmp_data_collector | Range 1.04e

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FA Engineering Software",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "CPU Module Logging Configuration Tool versions 1.112R and prior"
      },
      {
        "status": "affected",
        "version": "CW Configurator versions 1.011M and prior"
      },
      {
        "status": "affected",
        "version": "Data Transfer versions 3.44W and prior"
      },
      {
        "status": "affected",
        "version": "EZSocket versions 5.4 and prior"
      },
      {
        "status": "affected",
        "version": "FR Configurator all versions"
      },
      {
        "status": "affected",
        "version": "FR Configurator SW3 all versions"
      },
      {
        "status": "affected",
        "version": "FR Configurator2 versions 1.24A and prior"
      },
      {
        "status": "affected",
        "version": "GT Designer3 Version1(GOT1000) versions 1.250L and prior"
      },
      {
        "status": "affected",
        "version": "GT Designer3 Version1(GOT2000) versions 1.250L and prior"
      },
      {
        "status": "affected",
        "version": "GT SoftGOT1000 Version3 versions 3.245F and prior"
      },
      {
        "status": "affected",
        "version": "GT SoftGOT2000 Version1 versions 1.250L and prior"
      },
      {
        "status": "affected",
        "version": "GX Configurator-DP versions 7.14Q and prior"
      },
      {
        "status": "affected",
        "version": "GX Configurator-QP all versions"
      },
      {
        "status": "affected",
        "version": "GX Developer versions 8.506C and prior"
      },
      {
        "status": "affected",
        "version": "GX Explorer all versions"
      },
      {
        "status": "affected",
        "version": "GX IEC Developer all versions"
      },
      {
        "status": "affected",
        "version": "GX LogViewer versions 1.115U and prior"
      },
      {
        "status": "affected",
        "version": "GX RemoteService-I all versions"
      },
      {
        "status": "affected",
        "version": "GX Works2 versions 1.597X and prior"
      },
      {
        "status": "affected",
        "version": "GX Works3 versions 1.070Y and prior"
      },
      {
        "status": "affected",
        "version": "iQ Monozukuri ANDON (Data Transfer) all versions"
      },
      {
        "status": "affected",
        "version": "iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions"
      },
      {
        "status": "affected",
        "version": "M_CommDTM-HART all versions"
      },
      {
        "status": "affected",
        "version": "M_CommDTM-IO-Link versions 1.03D and prior"
      },
      {
        "status": "affected",
        "version": "MELFA-Works versions 4.4 and prior"
      },
      {
        "status": "affected",
        "version": "MELSEC WinCPU Setting Utility all versions"
      },
      {
        "status": "affected",
        "version": "MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior"
      },
      {
        "status": "affected",
        "version": "MELSOFT Navigator versions 2.74C and prior"
      },
      {
        "status": "affected",
        "version": "MH11 SettingTool Version2 versions 2.004E and prior"
      },
      {
        "status": "affected",
        "version": "MI Configurator versions 1.004E and prior"
      },
      {
        "status": "affected",
        "version": "MT Works2 versions 1.167Z and prior"
      },
      {
        "status": "affected",
        "version": "MX Component versions 5.001B and prior"
      },
      {
        "status": "affected",
        "version": "Network Interface Board CC IE Control utility versions 1.29F and prior"
      },
      {
        "status": "affected",
        "version": "Network Interface Board CC IE Field Utility versions 1.16S and prior"
      },
      {
        "status": "affected",
        "version": "Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior"
      },
      {
        "status": "affected",
        "version": "Network Interface Board MNETH utility versions 34L and prior"
      },
      {
        "status": "affected",
        "version": "PX Developer versions 1.53F and prior"
      },
      {
        "status": "affected",
        "version": "RT ToolBox2 versions 3.73B and prior"
      },
      {
        "status": "affected",
        "version": "RT ToolBox3 versions 1.82L and prior"
      },
      {
        "status": "affected",
        "version": "Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior"
      },
      {
        "status": "affected",
        "version": "SLMP Data Collector versions 1.04E and prior"
      }
    ]
  }
]
