CVE-2020-14523: Mitsubishi Electric Factory Automation Products Path Traversal
First published: Fri Feb 11 2022(Updated: )
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric CW Configurator,Versions 1.010L and prior | ||
| Mitsubishi Electric FR Configurator2, Versions 1.22Y and prior | ||
| Mitsubishi Electric GX Works2, Versions 1.595V and prior | ||
| Mitsubishi Electric GX Works3, Versions 1.063R and prior | ||
| Mitsubishi Electric MELSEC iQ-R Series Motion Module, Versions 10 and prior | ||
| Mitsubishi Electric MELSOFT iQ AppPortal, Version 1.17T and prior | ||
| Mitsubishi Electric MELSOFT Navigator | ||
| Mitsubishielectric Cw Configurator | <=1.010l | |
| Mitsubishielectric Fr Configurator2 | <=1.22y | |
| Mitsubishielectric Gx Works2 | <=1.595v | |
| Mitsubishielectric Gx Works3 | <=1.063r | |
| Mitsubishielectric Iu Configuration Tool | <=1.04 | |
| Mitsubishielectric Iu Developer2 | <=1.08 | |
| Mitsubishielectric Melsoft Iq Appportal | <=1.17t | |
| Mitsubishi Electric MELSOFT Navigator | <=2.70y | |
| Mitsubishielectric Mi Configurator | ||
| Mitsubishielectric Mr Configurator2 | <=1.110q | |
| Mitsubishi Electric MT Works2 | <=1.156n | |
| Mitsubishi Electric MX Component | <=4.20w | |
| Mitsubishielectric Rt Toolbox3 | <=1.70y | |
| Mitsubishielectric Rd78g4 Firmware | <=10 | |
| Mitsubishielectric Rd78g4 | ||
| Mitsubishielectric Rd78g8 Firmware | <=10 | |
| Mitsubishielectric Rd78g8 | ||
| Mitsubishielectric Rd78g16 Firmware | <=10 | |
| Mitsubishielectric Rd78g16 | ||
| Mitsubishielectric Rd78g32 Firmware | <=10 | |
| Mitsubishielectric Rd78g32 | ||
| Mitsubishielectric Rd78g64 Firmware | <=10 | |
| Mitsubishielectric Rd78g64 | ||
| Mitsubishielectric Rd78ghv Firmware | <=10 | |
| Mitsubishielectric Rd78ghv | ||
| Mitsubishielectric Rd78ghw Firmware | <=10 | |
| Mitsubishielectric Rd78ghw |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-14523?
The severity of CVE-2020-14523 is critical with a CVSS score of 9.8.
Which Mitsubishi Electric Factory Automation products are affected by CVE-2020-14523?
Multiple Mitsubishi Electric Factory Automation products are affected, including CW Configurator, FR Configurator2, GX Works2, GX Works3, IU Configuration Tool, IU Developer2, Melsoft IQ Appportal, Melsoft Navigator, MI Configurator, MR Configurator2, MT Works2, MX Component, RT Toolbox3, Rd78g4 Firmware, Rd78g8 Firmware, Rd78g16 Firmware, Rd78g32 Firmware, Rd78g64 Firmware, Rd78ghv Firmware, and Rd78ghw Firmware.
What is the vulnerability of CVE-2020-14523?
CVE-2020-14523 allows an attacker to execute arbitrary code.
Are there any available fixes for CVE-2020-14523?
Mitsubishi Electric has released a security update to address the vulnerability. Please refer to their official advisory for more information.
Where can I find more information about CVE-2020-14523?
You can find more information about CVE-2020-14523 from the Japan Vulnerability Notes (JVN) website, US-CERT advisories, and the official Mitsubishi Electric PSIRT advisory.
- agent/type
- agent/remedy
- agent/author
- agent/weakness
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mitsubishi electric
- canonical/mitsubishi electric cw configurator,versions 1.010l and prior
- canonical/mitsubishi electric fr configurator2, versions 1.22y and prior
- canonical/mitsubishi electric gx works2, versions 1.595v and prior
- canonical/mitsubishi electric gx works3, versions 1.063r and prior
- canonical/mitsubishi electric melsec iq-r series motion module, versions 10 and prior
- canonical/mitsubishi electric melsoft iq appportal, version 1.17t and prior
- canonical/mitsubishi electric melsoft navigator
- vendor/mitsubishielectric
- canonical/mitsubishielectric cw configurator
- version/mitsubishielectric cw configurator/1.010l
- canonical/mitsubishielectric fr configurator2
- version/mitsubishielectric fr configurator2/1.22y
- canonical/mitsubishielectric gx works2
- version/mitsubishielectric gx works2/1.595v
- canonical/mitsubishielectric gx works3
- version/mitsubishielectric gx works3/1.063r
- canonical/mitsubishielectric iu configuration tool
- version/mitsubishielectric iu configuration tool/1.04
- canonical/mitsubishielectric iu developer2
- version/mitsubishielectric iu developer2/1.08
- canonical/mitsubishielectric melsoft iq appportal
- version/mitsubishielectric melsoft iq appportal/1.17t
- version/mitsubishi electric melsoft navigator/2.70y
- canonical/mitsubishielectric mi configurator
- canonical/mitsubishielectric mr configurator2
- version/mitsubishielectric mr configurator2/1.110q
- canonical/mitsubishi electric mt works2
- version/mitsubishi electric mt works2/1.156n
- canonical/mitsubishi electric mx component
- version/mitsubishi electric mx component/4.20w
- canonical/mitsubishielectric rt toolbox3
- version/mitsubishielectric rt toolbox3/1.70y
- canonical/mitsubishielectric rd78g4 firmware
- version/mitsubishielectric rd78g4 firmware/10
- canonical/mitsubishielectric rd78g4
- canonical/mitsubishielectric rd78g8 firmware
- version/mitsubishielectric rd78g8 firmware/10
- canonical/mitsubishielectric rd78g8
- canonical/mitsubishielectric rd78g16 firmware
- version/mitsubishielectric rd78g16 firmware/10
- canonical/mitsubishielectric rd78g16
- canonical/mitsubishielectric rd78g32 firmware
- version/mitsubishielectric rd78g32 firmware/10
- canonical/mitsubishielectric rd78g32
- canonical/mitsubishielectric rd78g64 firmware
- version/mitsubishielectric rd78g64 firmware/10
- canonical/mitsubishielectric rd78g64
- canonical/mitsubishielectric rd78ghv firmware
- version/mitsubishielectric rd78ghv firmware/10
- canonical/mitsubishielectric rd78ghv
- canonical/mitsubishielectric rd78ghw firmware
- version/mitsubishielectric rd78ghw firmware/10
- canonical/mitsubishielectric rd78ghw