critical
9.8
CWE
275
Advisory Published
Updated

CVE-2020-14496: Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues

First published: Thu May 19 2022(Updated: )

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Mitsubishi Electric CPU Module Logging Configuration Tool
Mitsubishi Electric CW Configurator
Mitsubishi Electric Data Transfer
Mitsubishi Electric EZSocket
Mitsubishi Electric FR Configurator2
Mitsubishi Electric GT Designer3 Version1 (GOT2000)
Mitsubishi Electric GT SoftGOT1000
Mitsubishi Electric GT SoftGOT2000
Mitsubishi Electric GX LogViewer
Mitsubishi Electric GX Works2
Mitsubishi Electric GX Works3
Mitsubishi Electric M_CommDTM-HART
Mitsubishi Electric M_CommDTM-IO-Link
Mitsubishi Electric MELFA-Works
Mitsubishi Electric CPU Module Logging Configuration Tool<1.106k
Mitsubishi Electric CW Configurator<1.011m
Mitsubishi Electric Data Transfer<3.41t
Mitsubishi Electric Em Configurator<1.015r
Mitsubishi Electric EZSocket<4.6
Mitsubishi Electric FR Configurator2 Firmware<1.23z
Mitsubishi Electric GT Designer 3<1.236w
Mitsubishi Electric GT SoftGOT1000<3.245f
Mitsubishi Electric GT SoftGOT2000<1.236w
Mitsubishi Electric GX LogViewer<1.106k
Mitsubishi Electric GX Works2<1.595v
Mitsubishi Electric GX Works3<1.065t
Mitsubishi Electric M Commdtm-HART<1.01b
Mitsubishi Electric M Commdtm IO-Link<1.04e
Mitsubishi Electric MELFA-Works<4.4
Mitsubishi Electric MELSOFT FieldDeviceConfigurator<1.04e
Mitsubishi Electric iQ Works (MELSOFT Navigator)<2.70y
Mitsubishi Electric MH11 Setting Tool Version 2<2.003d
Mitsubishi Electric Motorizer<1.010l
Mitsubishi Electric MR Configurator2<1.106l
Mitsubishi Electric MT Works2<1.160s
Mitsubishi Electric MX Component<4.20w
Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility Firmware<1.24a
Mitsubishi Electric Network Interface Board CC IE Control Utility Firmware<1.30g
Mitsubishi Electric Network Interface Board CC IE Field Utility Firmware<1.17t
Mitsubishi Electric Network Interface Board MNETH Utility<35m
Mitsubishi Electric PX Developer<1.53f
Mitsubishi Electric RT Toolbox2<3.73b
Mitsubishi Electric RT Toolbox 3<1.80j

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2020-14496?

    CVE-2020-14496 is a vulnerability that allows an attacker to escalate privilege and execute malicious programs in multiple Mitsubishi Electric Factory Automation Engineering Software Products.

  • How severe is CVE-2020-14496?

    CVE-2020-14496 has a severity rating of 9.8, which is considered critical.

  • Which Mitsubishi Electric software products are affected by CVE-2020-14496?

    The following Mitsubishi Electric software products are affected: CPU Module Logging Configuration Tool, CW Configurator, Data Transfer, EM Configurator, EZSocket, FR Configurator2, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX LogViewer, GX Works2, GX Works3, M Commdtm-HART, M Commdtm-IO-Link, MELFA-Works, Melsoft Fielddeviceconfigurator, Melsoft Navigator, MH11 Settingtool Version2, Motorizer, MR Configurator2, MT Works2, MX Component, Network Interface Board CC-Link Ver.2 Utility, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board MNETH Utility, PX Developer, RT Toolbox2, and RT Toolbox3.

  • What can an attacker do if they exploit CVE-2020-14496?

    If CVE-2020-14496 is successfully exploited, an attacker can escalate privilege, execute malicious programs, cause a denial-of-service condition, and access information.

  • Is there a fix available for CVE-2020-14496?

    It is recommended to apply the latest patches and updates provided by Mitsubishi Electric to fix CVE-2020-14496.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203