CVE-2020-14496 — HIGH (8.3)

Q: How severe is CVE-2020-14496?

CVE-2020-14496 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14496?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Cpu Module Logging Configuration Tool, Mitsubishielectric Cw Configurator, Mitsubishielectric Data Transfer, Mitsubishielectric Em Configurator, Mitsubishielectric Ezsocket.

Vulnerability Description

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Cpu Module Logging Configuration Tool	< 1.106k
Mitsubishielectric	Cw Configurator	< 1.011m
Mitsubishielectric	Data Transfer	< 3.41t
Mitsubishielectric	Em Configurator	< 1.015r
Mitsubishielectric	Ezsocket	< 4.6
Mitsubishielectric	Fr Configurator2	< 1.23z
Mitsubishielectric	Gt Designer3	< 1.236w
Mitsubishielectric	Gt Softgot1000	< 3.245f
Mitsubishielectric	Gt Softgot2000	< 1.236w
Mitsubishielectric	Gx Logviewer	< 1.106k
Mitsubishielectric	Gx Works2	< 1.595v
Mitsubishielectric	Gx Works3	< 1.065t
Mitsubishielectric	M Commdtm-Hart	< 1.01b
Mitsubishielectric	M Commdtm-Io-Link	< 1.04e
Mitsubishielectric	Melfa-Works	< 4.4
Mitsubishielectric	Melsoft Fielddeviceconfigurator	< 1.04e
Mitsubishielectric	Melsoft Navigator	< 2.70y
Mitsubishielectric	Mh11 Settingtool Version2	< 2.003d
Mitsubishielectric	Motorizer	< 1.010l
Mitsubishielectric	Mr Configurator2	< 1.106l

Related Weaknesses (CWE)

CWE-275

References

https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-14496?

CVE-2020-14496 is a vulnerability with a CVSS score of 8.3 (HIGH). Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and ex...

How severe is CVE-2020-14496?

CVE-2020-14496 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14496?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Cpu Module Logging Configuration Tool, Mitsubishielectric Cw Configurator, Mitsubishielectric Data Transfer, Mitsubishielectric Em Configurator, Mitsubishielectric Ezsocket.