CVE-2020-14496: Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues
First published: Thu May 19 2022(Updated: )
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Cpu Module Logging Configuration Tool | <1.106k | |
| Mitsubishielectric Cw Configurator | <1.011m | |
| Mitsubishielectric Data Transfer | <3.41t | |
| Mitsubishielectric Em Configurator | <1.015r | |
| Mitsubishielectric Ezsocket | <4.6 | |
| Mitsubishielectric Fr Configurator2 | <1.23z | |
| Mitsubishielectric Gt Designer3 | <1.236w | |
| Mitsubishielectric Gt Softgot1000 | <3.245f | |
| Mitsubishielectric Gt Softgot2000 | <1.236w | |
| Mitsubishielectric Gx Logviewer | <1.106k | |
| Mitsubishielectric Gx Works2 | <1.595v | |
| Mitsubishielectric Gx Works3 | <1.065t | |
| Mitsubishielectric M Commdtm-hart | <1.01b | |
| Mitsubishielectric M Commdtm-io-link | <1.04e | |
| Mitsubishielectric Melfa-works | <4.4 | |
| Mitsubishielectric Melsoft Fielddeviceconfigurator | <1.04e | |
| Mitsubishielectric Melsoft Navigator | <2.70y | |
| Mitsubishielectric Mh11 Settingtool Version2 | <2.003d | |
| Mitsubishielectric Motorizer | <1.010l | |
| Mitsubishielectric Mr Configurator2 | <1.106l | |
| Mitsubishielectric Mt Works2 | <1.160s | |
| Mitsubishielectric Mx Component | <4.20w | |
| Mitsubishielectric Network Interface Board Cc-link Ver.2 Utility | <1.24a | |
| Mitsubishielectric Network Interface Board Cc Ie Control Utility | <1.30g | |
| Mitsubishielectric Network Interface Board Cc Ie Field Utility | <1.17t | |
| Mitsubishielectric Network Interface Board Mneth Utility | <35m | |
| Mitsubishielectric Px Developer | <1.53f | |
| Mitsubishielectric Rt Toolbox2 | <3.73b | |
| Mitsubishielectric Rt Toolbox3 | <1.80j | |
| Mitsubishi Electric CPU Module Logging Configuration Tool, Versions 1.100E and prior | ||
| Mitsubishi Electric CW Configurator, Versions 1.010L and prior | ||
| Mitsubishi Electric Data Transfer, Versions 3.40S and prior | ||
| Mitsubishi Electric EZSocket, Versions 4.5 and prior | ||
| Mitsubishi Electric FR Configurator2, Versions 1.22Y and prior | ||
| Mitsubishi Electric GT Designer3 Version1 (GOT2000), Versions 1.235V and prior | ||
| Mitsubishi Electric GT SoftGOT1000 Version3, 3.200J and prior | ||
| Mitsubishi Electric GT SoftGOT2000 Version1, Versions 1.235V and prior | ||
| Mitsubishi Electric GX LogViewer, Versions 1.100E and prior | ||
| Mitsubishi Electric GX Works2, Versions 1.592S and prior | ||
| Mitsubishi Electric GX Works3, Versions 1.063R and prior | ||
| Mitsubishi Electric M_CommDTM-HART, Version 1.00A | ||
| Mitsubishi Electric M_CommDTM-IO-Link, Versions 1.03D and prior | ||
| Mitsubishi Electric MELFA-Works, versions 4.3 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14496?
CVE-2020-14496 is a vulnerability that allows an attacker to escalate privilege and execute malicious programs in multiple Mitsubishi Electric Factory Automation Engineering Software Products.
How severe is CVE-2020-14496?
CVE-2020-14496 has a severity rating of 9.8, which is considered critical.
Which Mitsubishi Electric software products are affected by CVE-2020-14496?
The following Mitsubishi Electric software products are affected: CPU Module Logging Configuration Tool, CW Configurator, Data Transfer, EM Configurator, EZSocket, FR Configurator2, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX LogViewer, GX Works2, GX Works3, M Commdtm-HART, M Commdtm-IO-Link, MELFA-Works, Melsoft Fielddeviceconfigurator, Melsoft Navigator, MH11 Settingtool Version2, Motorizer, MR Configurator2, MT Works2, MX Component, Network Interface Board CC-Link Ver.2 Utility, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board MNETH Utility, PX Developer, RT Toolbox2, and RT Toolbox3.
What can an attacker do if they exploit CVE-2020-14496?
If CVE-2020-14496 is successfully exploited, an attacker can escalate privilege, execute malicious programs, cause a denial-of-service condition, and access information.
Is there a fix available for CVE-2020-14496?
It is recommended to apply the latest patches and updates provided by Mitsubishi Electric to fix CVE-2020-14496.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/event
- agent/description
- agent/severity
- agent/references
- agent/tags
- agent/softwarecombine
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric cpu module logging configuration tool
- canonical/mitsubishielectric cw configurator
- canonical/mitsubishielectric data transfer
- canonical/mitsubishielectric em configurator
- canonical/mitsubishielectric ezsocket
- canonical/mitsubishielectric fr configurator2
- canonical/mitsubishielectric gt designer3
- canonical/mitsubishielectric gt softgot1000
- canonical/mitsubishielectric gt softgot2000
- canonical/mitsubishielectric gx logviewer
- canonical/mitsubishielectric gx works2
- canonical/mitsubishielectric gx works3
- canonical/mitsubishielectric m commdtm-hart
- canonical/mitsubishielectric m commdtm-io-link
- canonical/mitsubishielectric melfa-works
- canonical/mitsubishielectric melsoft fielddeviceconfigurator
- canonical/mitsubishielectric melsoft navigator
- canonical/mitsubishielectric mh11 settingtool version2
- canonical/mitsubishielectric motorizer
- canonical/mitsubishielectric mr configurator2
- canonical/mitsubishielectric mt works2
- canonical/mitsubishielectric mx component
- canonical/mitsubishielectric network interface board cc-link ver.2 utility
- canonical/mitsubishielectric network interface board cc ie control utility
- canonical/mitsubishielectric network interface board cc ie field utility
- canonical/mitsubishielectric network interface board mneth utility
- canonical/mitsubishielectric px developer
- canonical/mitsubishielectric rt toolbox2
- canonical/mitsubishielectric rt toolbox3
- vendor/mitsubishi electric
- canonical/mitsubishi electric cpu module logging configuration tool, versions 1.100e and prior
- canonical/mitsubishi electric cw configurator, versions 1.010l and prior
- canonical/mitsubishi electric data transfer, versions 3.40s and prior
- canonical/mitsubishi electric ezsocket, versions 4.5 and prior
- canonical/mitsubishi electric fr configurator2, versions 1.22y and prior
- canonical/mitsubishi electric gt designer3 version1 (got2000), versions 1.235v and prior
- canonical/mitsubishi electric gt softgot1000 version3, 3.200j and prior
- canonical/mitsubishi electric gt softgot2000 version1, versions 1.235v and prior
- canonical/mitsubishi electric gx logviewer, versions 1.100e and prior
- canonical/mitsubishi electric gx works2, versions 1.592s and prior
- canonical/mitsubishi electric gx works3, versions 1.063r and prior
- canonical/mitsubishi electric m_commdtm-hart, version 1.00a
- canonical/mitsubishi electric m_commdtm-io-link, versions 1.03d and prior
- canonical/mitsubishi electric melfa-works, versions 4.3 and prior