CVE-2020-14523: Mitsubishi Electric Factory Automation Products Path Traversal
First published: Fri Feb 11 2022(Updated: )
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric CW Configurator | ||
| Mitsubishi Electric FR Configurator2 | ||
| Mitsubishi Electric GX Works2 | ||
| Mitsubishi Electric GX Works3 | ||
| Mitsubishi Electric MELSEC iQ-R Series Motion Module | ||
| Mitsubishi Electric MELSOFT iQ AppPortal | ||
| Mitsubishi Electric iQ Works (MELSOFT Navigator) | ||
| Mitsubishi Electric CW Configurator | <=1.010l | |
| Mitsubishi Electric FR Configurator2 Firmware | <=1.22y | |
| Mitsubishi Electric GX Works2 | <=1.595v | |
| Mitsubishi Electric GX Works3 | <=1.063r | |
| Mitsubishi Electric Iu Configuration Tool | <=1.04 | |
| Mitsubishi Electric Iu Developer2 | <=1.08 | |
| Mitsubishi Electric Melsoft IQ AppPortal | <=1.17t | |
| Mitsubishi Electric iQ Works (MELSOFT Navigator) | <=2.70y | |
| Mitsubishi Electric MI Configurator | ||
| Mitsubishi Electric MR Configurator2 | <=1.110q | |
| Mitsubishi Electric MT Works2 | <=1.156n | |
| Mitsubishi Electric MX Component | <=4.20w | |
| Mitsubishi Electric RT Toolbox 3 | <=1.70y | |
| Mitsubishi Electric RD78G4 | <=10 | |
| Mitsubishi Electric RD78G4 | ||
| Mitsubishi Electric RD78G8 | <=10 | |
| Mitsubishi Electric RD78G8 | ||
| Mitsubishi Electric RD78G16 | <=10 | |
| Mitsubishi Electric RD78G16 | ||
| Mitsubishi Electric RD78G32 Firmware | <=10 | |
| Mitsubishi Electric RD78G32 | ||
| Mitsubishi Electric RD78G64 | <=10 | |
| Mitsubishielectric Rd78g64 Firmware | ||
| Mitsubishielectric Rd78ghv Firmware | <=10 | |
| Mitsubishielectric Rd78ghv Firmware | ||
| Mitsubishi Electric RD78GHW | <=10 | |
| Mitsubishi Electric RD78GHW |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-14523?
The severity of CVE-2020-14523 is critical with a CVSS score of 9.8.
Which Mitsubishi Electric Factory Automation products are affected by CVE-2020-14523?
Multiple Mitsubishi Electric Factory Automation products are affected, including CW Configurator, FR Configurator2, GX Works2, GX Works3, IU Configuration Tool, IU Developer2, Melsoft IQ Appportal, Melsoft Navigator, MI Configurator, MR Configurator2, MT Works2, MX Component, RT Toolbox3, Rd78g4 Firmware, Rd78g8 Firmware, Rd78g16 Firmware, Rd78g32 Firmware, Rd78g64 Firmware, Rd78ghv Firmware, and Rd78ghw Firmware.
What is the vulnerability of CVE-2020-14523?
CVE-2020-14523 allows an attacker to execute arbitrary code.
Are there any available fixes for CVE-2020-14523?
Mitsubishi Electric has released a security update to address the vulnerability. Please refer to their official advisory for more information.
Where can I find more information about CVE-2020-14523?
You can find more information about CVE-2020-14523 from the Japan Vulnerability Notes (JVN) website, US-CERT advisories, and the official Mitsubishi Electric PSIRT advisory.
- agent/type
- agent/remedy
- agent/author
- agent/weakness
- agent/title
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/mitsubishi electric
- canonical/mitsubishi electric cw configurator
- canonical/mitsubishi electric fr configurator2
- canonical/mitsubishi electric gx works2
- canonical/mitsubishi electric gx works3
- canonical/mitsubishi electric melsec iq-r series motion module
- canonical/mitsubishi electric melsoft iq appportal
- canonical/mitsubishi electric iq works (melsoft navigator)
- vendor/mitsubishielectric
- version/mitsubishi electric cw configurator/1.010l
- canonical/mitsubishi electric fr configurator2 firmware
- version/mitsubishi electric fr configurator2 firmware/1.22y
- version/mitsubishi electric gx works2/1.595v
- version/mitsubishi electric gx works3/1.063r
- canonical/mitsubishi electric iu configuration tool
- version/mitsubishi electric iu configuration tool/1.04
- canonical/mitsubishi electric iu developer2
- version/mitsubishi electric iu developer2/1.08
- version/mitsubishi electric melsoft iq appportal/1.17t
- version/mitsubishi electric iq works (melsoft navigator)/2.70y
- canonical/mitsubishi electric mi configurator
- canonical/mitsubishi electric mr configurator2
- version/mitsubishi electric mr configurator2/1.110q
- canonical/mitsubishi electric mt works2
- version/mitsubishi electric mt works2/1.156n
- canonical/mitsubishi electric mx component
- version/mitsubishi electric mx component/4.20w
- canonical/mitsubishi electric rt toolbox 3
- version/mitsubishi electric rt toolbox 3/1.70y
- canonical/mitsubishi electric rd78g4
- version/mitsubishi electric rd78g4/10
- canonical/mitsubishi electric rd78g8
- version/mitsubishi electric rd78g8/10
- canonical/mitsubishi electric rd78g16
- version/mitsubishi electric rd78g16/10
- canonical/mitsubishi electric rd78g32 firmware
- version/mitsubishi electric rd78g32 firmware/10
- canonical/mitsubishi electric rd78g32
- canonical/mitsubishi electric rd78g64
- version/mitsubishi electric rd78g64/10
- canonical/mitsubishielectric rd78g64 firmware
- canonical/mitsubishielectric rd78ghv firmware
- version/mitsubishielectric rd78ghv firmware/10
- canonical/mitsubishi electric rd78ghw
- version/mitsubishi electric rd78ghw/10