CVE-2020-5602: XEE
First published: Tue Jun 30 2020(Updated: )
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Cpu Module Logging Configuration Tool | <=1.94y | |
| Mitsubishielectric Cw Configurator | <=1.010l | |
| Mitsubishielectric Em Configurator | <=1.010l | |
| Mitsubishielectric Gt Designer3 | <=1.221f | |
| Mitsubishielectric Gx Logviewer | <=1.100e | |
| Mitsubishielectric Gx Works2 | <=1.590q | |
| Mitsubishielectric Gx Works3 | <=1.060n | |
| Mitsubishielectric M Commdtm-hart | <=1.01b | |
| Mitsubishielectric M Commdtm-io-link | <=1.03d | |
| Mitsubishielectric Melfa-works | <=4.4 | |
| Mitsubishielectric Melsec-l Flexible High-speed I\/o Control Module Configuration Tool | <=1.005f | |
| Mitsubishielectric Melsoft Fielddeviceconfigurator | <=1.04e | |
| Mitsubishielectric Melsoft Iq Appportal | <=1.14q | |
| Mitsubishielectric Melsoft Navigator | <=2.62q | |
| Mitsubishielectric Mi Configurator | <=1.004e | |
| Mitsubishielectric Motion Control Setting | <=1.006g | |
| Mitsubishielectric Mr Configurator2 | <=1.100e | |
| Mitsubishielectric Mt Works2 | <=1.160s | |
| Mitsubishielectric Rt Toolbox2 | <=3.73b | |
| Mitsubishielectric Rt Toolbox3 | <=1.60n |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5602?
The severity of CVE-2020-5602 is high with a CVSS score of 7.5.
Which software versions are affected by CVE-2020-5602?
The affected software versions for CVE-2020-5602 include Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier.
Are there any known fixes for CVE-2020-5602?
Yes, please refer to the Mitsubishi Electric PSIRT advisory for information on available fixes for CVE-2020-5602.
Can you provide more information about CVE-2020-5602?
CVE-2020-5602 is a vulnerability that allows an attacker to execute arbitrary code or cause a denial of service on affected Mitsubishi Electric FA Engineering Software.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-5602?
The Common Weakness Enumeration (CWE) ID for CVE-2020-5602 is 611.
- collector/nvd-index
- agent/author
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- vendor/mitsubishielectric
- canonical/mitsubishielectric cpu module logging configuration tool
- version/mitsubishielectric cpu module logging configuration tool/1.94y
- canonical/mitsubishielectric cw configurator
- version/mitsubishielectric cw configurator/1.010l
- canonical/mitsubishielectric em configurator
- version/mitsubishielectric em configurator/1.010l
- canonical/mitsubishielectric gt designer3
- version/mitsubishielectric gt designer3/1.221f
- canonical/mitsubishielectric gx logviewer
- version/mitsubishielectric gx logviewer/1.100e
- canonical/mitsubishielectric gx works2
- version/mitsubishielectric gx works2/1.590q
- canonical/mitsubishielectric gx works3
- version/mitsubishielectric gx works3/1.060n
- canonical/mitsubishielectric m commdtm-hart
- version/mitsubishielectric m commdtm-hart/1.01b
- canonical/mitsubishielectric m commdtm-io-link
- version/mitsubishielectric m commdtm-io-link/1.03d
- canonical/mitsubishielectric melfa-works
- version/mitsubishielectric melfa-works/4.4
- canonical/mitsubishielectric melsec-l flexible high-speed i\/o control module configuration tool
- version/mitsubishielectric melsec-l flexible high-speed i\/o control module configuration tool/1.005f
- canonical/mitsubishielectric melsoft fielddeviceconfigurator
- version/mitsubishielectric melsoft fielddeviceconfigurator/1.04e
- canonical/mitsubishielectric melsoft iq appportal
- version/mitsubishielectric melsoft iq appportal/1.14q
- canonical/mitsubishielectric melsoft navigator
- version/mitsubishielectric melsoft navigator/2.62q
- canonical/mitsubishielectric mi configurator
- version/mitsubishielectric mi configurator/1.004e
- canonical/mitsubishielectric motion control setting
- version/mitsubishielectric motion control setting/1.006g
- canonical/mitsubishielectric mr configurator2
- version/mitsubishielectric mr configurator2/1.100e
- canonical/mitsubishielectric mt works2
- version/mitsubishielectric mt works2/1.160s
- canonical/mitsubishielectric rt toolbox2
- version/mitsubishielectric rt toolbox2/3.73b
- canonical/mitsubishielectric rt toolbox3
- version/mitsubishielectric rt toolbox3/1.60n