CVE-2021-20587

🗓️ 19 Feb 2021 19:55:37Reported by MitsubishiType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 132 Views

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software. Remote unauthenticated attacker can cause DoS condition, possibly execute malicious program on personal computer

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-20587	19 Feb 202122:51	–	circl
CNNVD	Mitsubishi Electric FA Engineering Software Buffer Error Vulnerability	18 Feb 202100:00	–	cnnvd
Cvelist	CVE-2021-20587	19 Feb 202119:55	–	cvelist
EUVD	EUVD-2021-8005	3 Oct 202520:07	–	euvd
ICS	Mitsubishi Electric FA Engineering Software Products (Update H)	18 Feb 202107:00	–	ics
NVD	CVE-2021-20587	19 Feb 202120:15	–	nvd
Prion	Heap overflow	19 Feb 202120:15	–	prion
Positive Technologies	PT-2021-14060 · Mitsubishi · Mitsubishi Electric Fa Engineering	19 Feb 202100:00	–	ptsecurity
RedhatCVE	CVE-2021-20587	22 May 202521:00	–	redhatcve
Tenable Nessus	Mitsubishi (CVE-2021-20587) (deprecated)	7 Feb 202200:00	–	nessus

NVD

Node

mitsubishielectric c_controller_module_setting_and_monitoring_tool

mitsubishielectric cpu_module_logging_configuration_toolRange≤1.112r

mitsubishielectric cw_configuratorRange≤1.011m

mitsubishielectric data_transferRange≤3.44w

mitsubishielectric ezsocket

mitsubishielectric fr_configurator

mitsubishielectric fr_configurator_sw3

mitsubishielectric fr_configurator2Range≤1.24a

mitsubishielectric gt_designer3Range≤1.250l

mitsubishielectric gt_softgot1000Range≤3.245f

mitsubishielectric gt_softgot2000Range≤1.250l

mitsubishielectric gx_configurator-dpRange≤7.14q

mitsubishielectric gx_configurator-qp

mitsubishielectric gx_developerRange≤8.506c

mitsubishielectric gx_explorer

mitsubishielectric gx_iec_developer

mitsubishielectric gx_logviewerRange≤1.115u

mitsubishielectric gx_remoteservice-i

mitsubishielectric gx_works2Range≤1.597x

mitsubishielectric gx_works3Range≤1.070y

mitsubishielectric iq_monozukuri_andonMatch-

mitsubishielectric iq_monozukuri_process_remote_monitoringMatch-

mitsubishielectric m_commdtm-hart

mitsubishielectric m_commdtm-io-link

mitsubishielectric melfa-worksRange≤4.4

mitsubishielectric melsec_wincpu_setting_utility

mitsubishielectric melsoft_em_software_development_kit

mitsubishielectric melsoft_navigatorRange≤2.74c

mitsubishielectric mh11_settingtool_version2Range≤2.004e

mitsubishielectric mi_configurator

mitsubishielectric mt_works2Range≤1.167z

mitsubishielectric mx_componentRange≤5.001b

mitsubishielectric network_interface_board_cc-link

mitsubishielectric network_interface_board_cc_ie_control_utility

mitsubishielectric network_interface_board_cc_ie_field_utility

mitsubishielectric network_interface_board_mneth_utility

mitsubishielectric px_developerRange≤1.53f

mitsubishielectric rt_toolbox2Range≤3.73b

mitsubishielectric rt_toolbox3Range≤1.82l

mitsubishielectric setting/monitoring_tools_for_the_c_controller_module

mitsubishielectric slmp_data_collectorRange≤1.04e

[
  {
    "defaultStatus": "unaffected",
    "product": "CPU Module Logging Configuration Tool",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.112R and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CW Configurator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.011M and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Data Transfer",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.44W and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EZSocket",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.4 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FR Configurator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FR Configurator SW3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FR Configurator2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.24A and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT1000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.250L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT2000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.250L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT SoftGOT1000 Version3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.245F and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT SoftGOT2000 Version1",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.250L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Configurator-DP",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "7.14Q and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Configurator-QP",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Developer",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "8.506C and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Explorer",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX IEC Developer",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX LogViewer",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.115U and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX RemoteService-I",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.597X and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.070Y and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iQ Monozukuri ANDON (Data Transfer)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.003D and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iQ Monozukuri Process Remote Monitoring (Data Transfer)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.002C and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "M_CommDTM-HART",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "M_CommDTM-IO-Link",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.03D and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELFA-Works",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.4 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC WinCPU Setting Utility",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSOFT EM Software Development Kit (EM Configurator)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.015R and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSOFT Navigator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "2.74C and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MH11 SettingTool Version2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "2.004E and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MI Configurator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.004E and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MT Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.167Z and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX Component",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.001B and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Network Interface Board CC IE Control utility",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.29F and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Network Interface Board CC IE Field Utility",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.16S and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Network Interface Board CC-Link Ver.2 Utility",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.23Z and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Network Interface Board MNETH utility",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "34L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PX Developer",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.53F and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RT ToolBox2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.73B and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RT ToolBox3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.82L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.12N and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SLMP Data Collector",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.04E and prior"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-21-049-02
mitsubishielectric	www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-021_en.pdf
jvn	www.jvn.jp/vu/JVNVU92330101
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf
jvn	www.jvn.jp/vu/JVNVU92330101/index.html
us-cert	www.us-cert.cisa.gov/ics/advisories/icsa-21-049-02

13 Jun 2025 00:15Current

9.2High risk

Vulners AI Score9.2

CVSS 27.5

CVSS 3.17.5 - 9.8

EPSS0.11751