CVE-2020-14523: Mitsubishi Electric Factory Automation Products Path Traversal
First published: Fri Feb 11 2022(Updated: )
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Cw Configurator | <=1.010l | |
| Mitsubishielectric Fr Configurator2 | <=1.22y | |
| Mitsubishielectric Gx Works2 | <=1.595v | |
| Mitsubishielectric Gx Works3 | <=1.063r | |
| Mitsubishielectric Iu Configuration Tool | <=1.04 | |
| Mitsubishielectric Iu Developer2 | <=1.08 | |
| Mitsubishielectric Melsoft Iq Appportal | <=1.17t | |
| Mitsubishielectric Melsoft Navigator | <=2.70y | |
| Mitsubishielectric Mi Configurator | ||
| Mitsubishielectric Mr Configurator2 | <=1.110q | |
| Mitsubishielectric Mt Works2 | <=1.156n | |
| Mitsubishielectric Mx Component | <=4.20w | |
| Mitsubishielectric Rt Toolbox3 | <=1.70y | |
| Mitsubishielectric Rd78g4 Firmware | <=10 | |
| Mitsubishielectric Rd78g4 | ||
| Mitsubishielectric Rd78g8 Firmware | <=10 | |
| Mitsubishielectric Rd78g8 | ||
| Mitsubishielectric Rd78g16 Firmware | <=10 | |
| Mitsubishielectric Rd78g16 | ||
| Mitsubishielectric Rd78g32 Firmware | <=10 | |
| Mitsubishielectric Rd78g32 | ||
| Mitsubishielectric Rd78g64 Firmware | <=10 | |
| Mitsubishielectric Rd78g64 | ||
| Mitsubishielectric Rd78ghv Firmware | <=10 | |
| Mitsubishielectric Rd78ghv | ||
| Mitsubishielectric Rd78ghw Firmware | <=10 | |
| Mitsubishielectric Rd78ghw | ||
| Mitsubishi Electric MELSOFT iQ AppPortal, Version 1.17T and prior | ||
| Mitsubishi Electric MELSOFT Navigator, 2.70Y and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-14523?
The severity of CVE-2020-14523 is critical with a CVSS score of 9.8.
Which Mitsubishi Electric Factory Automation products are affected by CVE-2020-14523?
Multiple Mitsubishi Electric Factory Automation products are affected, including CW Configurator, FR Configurator2, GX Works2, GX Works3, IU Configuration Tool, IU Developer2, Melsoft IQ Appportal, Melsoft Navigator, MI Configurator, MR Configurator2, MT Works2, MX Component, RT Toolbox3, Rd78g4 Firmware, Rd78g8 Firmware, Rd78g16 Firmware, Rd78g32 Firmware, Rd78g64 Firmware, Rd78ghv Firmware, and Rd78ghw Firmware.
What is the vulnerability of CVE-2020-14523?
CVE-2020-14523 allows an attacker to execute arbitrary code.
Are there any available fixes for CVE-2020-14523?
Mitsubishi Electric has released a security update to address the vulnerability. Please refer to their official advisory for more information.
Where can I find more information about CVE-2020-14523?
You can find more information about CVE-2020-14523 from the Japan Vulnerability Notes (JVN) website, US-CERT advisories, and the official Mitsubishi Electric PSIRT advisory.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/last-modified-date
- agent/title
- agent/tags
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/mitsubishielectric
- canonical/mitsubishielectric cw configurator
- version/mitsubishielectric cw configurator/1.010l
- canonical/mitsubishielectric fr configurator2
- version/mitsubishielectric fr configurator2/1.22y
- canonical/mitsubishielectric gx works2
- version/mitsubishielectric gx works2/1.595v
- canonical/mitsubishielectric gx works3
- version/mitsubishielectric gx works3/1.063r
- canonical/mitsubishielectric iu configuration tool
- version/mitsubishielectric iu configuration tool/1.04
- canonical/mitsubishielectric iu developer2
- version/mitsubishielectric iu developer2/1.08
- canonical/mitsubishielectric melsoft iq appportal
- version/mitsubishielectric melsoft iq appportal/1.17t
- canonical/mitsubishielectric melsoft navigator
- version/mitsubishielectric melsoft navigator/2.70y
- canonical/mitsubishielectric mi configurator
- canonical/mitsubishielectric mr configurator2
- version/mitsubishielectric mr configurator2/1.110q
- canonical/mitsubishielectric mt works2
- version/mitsubishielectric mt works2/1.156n
- canonical/mitsubishielectric mx component
- version/mitsubishielectric mx component/4.20w
- canonical/mitsubishielectric rt toolbox3
- version/mitsubishielectric rt toolbox3/1.70y
- canonical/mitsubishielectric rd78g4 firmware
- version/mitsubishielectric rd78g4 firmware/10
- canonical/mitsubishielectric rd78g4
- canonical/mitsubishielectric rd78g8 firmware
- version/mitsubishielectric rd78g8 firmware/10
- canonical/mitsubishielectric rd78g8
- canonical/mitsubishielectric rd78g16 firmware
- version/mitsubishielectric rd78g16 firmware/10
- canonical/mitsubishielectric rd78g16
- canonical/mitsubishielectric rd78g32 firmware
- version/mitsubishielectric rd78g32 firmware/10
- canonical/mitsubishielectric rd78g32
- canonical/mitsubishielectric rd78g64 firmware
- version/mitsubishielectric rd78g64 firmware/10
- canonical/mitsubishielectric rd78g64
- canonical/mitsubishielectric rd78ghv firmware
- version/mitsubishielectric rd78ghv firmware/10
- canonical/mitsubishielectric rd78ghv
- canonical/mitsubishielectric rd78ghw firmware
- version/mitsubishielectric rd78ghw firmware/10
- canonical/mitsubishielectric rd78ghw
- vendor/mitsubishi electric
- canonical/mitsubishi electric melsoft iq appportal, version 1.17t and prior
- canonical/mitsubishi electric melsoft navigator, 2.70y and prior