Vulnerability Description
Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Cpu Module Logging Configuration Tool | <= 1.94y |
| Mitsubishielectric | Cw Configurator | <= 1.010l |
| Mitsubishielectric | Em Configurator | <= 1.010l |
| Mitsubishielectric | Gt Designer3 | <= 1.221f |
| Mitsubishielectric | Gx Logviewer | <= 1.100e |
| Mitsubishielectric | Gx Works2 | <= 1.590q |
| Mitsubishielectric | Gx Works3 | <= 1.060n |
| Mitsubishielectric | M Commdtm-Hart | <= 1.01b |
| Mitsubishielectric | M Commdtm-Io-Link | <= 1.03d |
| Mitsubishielectric | Melfa-Works | <= 4.4 |
| Mitsubishielectric | Melsec-L Flexible High-Speed I\/O Control Module Configuration Tool | <= 1.005f |
| Mitsubishielectric | Melsoft Fielddeviceconfigurator | <= 1.04e |
| Mitsubishielectric | Melsoft Iq Appportal | <= 1.14q |
| Mitsubishielectric | Melsoft Navigator | <= 2.62q |
| Mitsubishielectric | Mi Configurator | <= 1.004e |
| Mitsubishielectric | Motion Control Setting | <= 1.006g |
| Mitsubishielectric | Mr Configurator2 | <= 1.100e |
| Mitsubishielectric | Mt Works2 | <= 1.160s |
| Mitsubishielectric | Rt Toolbox2 | <= 3.73b |
| Mitsubishielectric | Rt Toolbox3 | <= 1.60n |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU90307594/index.htmlThird Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-004_en.pdfMitigationVendor Advisory
- https://jvn.jp/en/vu/JVNVU90307594/index.htmlThird Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-004_en.pdfMitigationVendor Advisory
FAQ
What is CVE-2020-5603?
CVE-2020-5603 is a vulnerability with a CVSS score of 7.5 (HIGH). Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, ...
How severe is CVE-2020-5603?
CVE-2020-5603 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5603?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Cpu Module Logging Configuration Tool, Mitsubishielectric Cw Configurator, Mitsubishielectric Em Configurator, Mitsubishielectric Gt Designer3, Mitsubishielectric Gx Logviewer.