CVE-2020-14521 — HIGH (8.3)

Q: How severe is CVE-2020-14521?

CVE-2020-14521 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14521?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric C Controller Interface Module Utility, Mitsubishielectric C Controller Module Setting And Monitoring Tool, Mitsubishielectric Cc-Link Ie Control Network Data Collector, Mitsubishielectric Cc-Link Ie Field Network Data Collector, Mitsubishielectric Cc-Link Ie Tsn Data Collector.

Vulnerability Description

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishielectric	C Controller Interface Module Utility	All versions
Mitsubishielectric	C Controller Module Setting And Monitoring Tool	All versions
Mitsubishielectric	Cc-Link Ie Control Network Data Collector	1.00a
Mitsubishielectric	Cc-Link Ie Field Network Data Collector	1.00a
Mitsubishielectric	Cc-Link Ie Tsn Data Collector	1.00a
Mitsubishielectric	Cpu Module Logging Configuration Tool	<= 1.100e
Mitsubishielectric	Cw Configurator	<= 1.010l
Mitsubishielectric	Data Transfer	<= 3.42u
Mitsubishielectric	Ezsocket	<= 5.1
Mitsubishielectric	Fr Configurator Sw3	All versions
Mitsubishielectric	Fr Configurator2	All versions
Mitsubishielectric	Gt Designer2 Classic	All versions
Mitsubishielectric	Gt Softgot1000	>= 3.0, <= 3.200j
Mitsubishielectric	Gt Softgot2000	>= 1.0, <= 1.241b
Mitsubishielectric	Gx Developer	<= 8.504a
Mitsubishielectric	Gx Logviewer	<= 1.100e
Mitsubishielectric	Gx Works2	<= 1.601b
Mitsubishielectric	Gx Works3	<= 1.063r
Mitsubishielectric	M Commdtm-Io-Link	All versions
Mitsubishielectric	Melfa-Works	<= 4.4

Related Weaknesses (CWE)

CWE-428 CWE-276

References

https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdfVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdfVendor Advisory

FAQ

What is CVE-2020-14521?

CVE-2020-14521 is a vulnerability with a CVSS score of 8.3 (HIGH). Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, mo...

How severe is CVE-2020-14521?

CVE-2020-14521 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14521?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric C Controller Interface Module Utility, Mitsubishielectric C Controller Module Setting And Monitoring Tool, Mitsubishielectric Cc-Link Ie Control Network Data Collector, Mitsubishielectric Cc-Link Ie Field Network Data Collector, Mitsubishielectric Cc-Link Ie Tsn Data Collector.