CVE-2020-5602: XEE
First published: Tue Jun 30 2020(Updated: )
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric CPU Module Logging Configuration Tool | <=1.94y | |
| Mitsubishi Electric CW Configurator | <=1.010l | |
| Mitsubishi Electric Em Configurator | <=1.010l | |
| Mitsubishi Electric GT Designer 3 | <=1.221f | |
| Mitsubishi Electric GX LogViewer | <=1.100e | |
| Mitsubishi Electric GX Works2 | <=1.590q | |
| Mitsubishi Electric GX Works3 | <=1.060n | |
| Mitsubishi Electric M Commdtm-HART | <=1.01b | |
| Mitsubishi Electric M Commdtm IO-Link | <=1.03d | |
| Mitsubishi Electric MELFA-Works | <=4.4 | |
| Mitsubishi Electric Melsec-L Flexible High-speed I/O Control Module Configuration Tool | <=1.005f | |
| Mitsubishi Electric MELSOFT FieldDeviceConfigurator | <=1.04e | |
| Mitsubishi Electric Melsoft IQ AppPortal | <=1.14q | |
| Mitsubishi Electric iQ Works (MELSOFT Navigator) | <=2.62q | |
| Mitsubishi Electric MI Configurator | <=1.004e | |
| Mitsubishi Electric Motion Control Setting | <=1.006g | |
| Mitsubishi Electric MR Configurator2 | <=1.100e | |
| Mitsubishi Electric MT Works2 | <=1.160s | |
| Mitsubishi Electric RT Toolbox2 | <=3.73b | |
| Mitsubishi Electric RT Toolbox 3 | <=1.60n |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5602?
The severity of CVE-2020-5602 is high with a CVSS score of 7.5.
Which software versions are affected by CVE-2020-5602?
The affected software versions for CVE-2020-5602 include Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier.
Are there any known fixes for CVE-2020-5602?
Yes, please refer to the Mitsubishi Electric PSIRT advisory for information on available fixes for CVE-2020-5602.
Can you provide more information about CVE-2020-5602?
CVE-2020-5602 is a vulnerability that allows an attacker to execute arbitrary code or cause a denial of service on affected Mitsubishi Electric FA Engineering Software.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-5602?
The Common Weakness Enumeration (CWE) ID for CVE-2020-5602 is 611.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishi electric cpu module logging configuration tool
- version/mitsubishi electric cpu module logging configuration tool/1.94y
- canonical/mitsubishi electric cw configurator
- version/mitsubishi electric cw configurator/1.010l
- canonical/mitsubishi electric em configurator
- version/mitsubishi electric em configurator/1.010l
- canonical/mitsubishi electric gt designer 3
- version/mitsubishi electric gt designer 3/1.221f
- canonical/mitsubishi electric gx logviewer
- version/mitsubishi electric gx logviewer/1.100e
- canonical/mitsubishi electric gx works2
- version/mitsubishi electric gx works2/1.590q
- canonical/mitsubishi electric gx works3
- version/mitsubishi electric gx works3/1.060n
- canonical/mitsubishi electric m commdtm-hart
- version/mitsubishi electric m commdtm-hart/1.01b
- canonical/mitsubishi electric m commdtm io-link
- version/mitsubishi electric m commdtm io-link/1.03d
- canonical/mitsubishi electric melfa-works
- version/mitsubishi electric melfa-works/4.4
- canonical/mitsubishi electric melsec-l flexible high-speed i/o control module configuration tool
- version/mitsubishi electric melsec-l flexible high-speed i/o control module configuration tool/1.005f
- canonical/mitsubishi electric melsoft fielddeviceconfigurator
- version/mitsubishi electric melsoft fielddeviceconfigurator/1.04e
- canonical/mitsubishi electric melsoft iq appportal
- version/mitsubishi electric melsoft iq appportal/1.14q
- canonical/mitsubishi electric iq works (melsoft navigator)
- version/mitsubishi electric iq works (melsoft navigator)/2.62q
- canonical/mitsubishi electric mi configurator
- version/mitsubishi electric mi configurator/1.004e
- canonical/mitsubishi electric motion control setting
- version/mitsubishi electric motion control setting/1.006g
- canonical/mitsubishi electric mr configurator2
- version/mitsubishi electric mr configurator2/1.100e
- canonical/mitsubishi electric mt works2
- version/mitsubishi electric mt works2/1.160s
- canonical/mitsubishi electric rt toolbox2
- version/mitsubishi electric rt toolbox2/3.73b
- canonical/mitsubishi electric rt toolbox 3
- version/mitsubishi electric rt toolbox 3/1.60n