CVE-2020-5603
First published: Tue Jun 30 2020(Updated: )
Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Cpu Module Logging Configuration Tool | <=1.94y | |
| Mitsubishielectric Cw Configurator | <=1.010l | |
| Mitsubishielectric Em Configurator | <=1.010l | |
| Mitsubishielectric Gt Designer3 | <=1.221f | |
| Mitsubishielectric Gx Logviewer | <=1.100e | |
| Mitsubishielectric Gx Works2 | <=1.590q | |
| Mitsubishielectric Gx Works3 | <=1.060n | |
| Mitsubishielectric M Commdtm-hart | <=1.01b | |
| Mitsubishielectric M Commdtm-io-link | <=1.03d | |
| Mitsubishielectric Melfa-works | <=4.4 | |
| Mitsubishielectric Melsec-l Flexible High-speed I\/o Control Module Configuration Tool | <=1.005f | |
| Mitsubishielectric Melsoft Fielddeviceconfigurator | <=1.04e | |
| Mitsubishielectric Melsoft Iq Appportal | <=1.14q | |
| Mitsubishielectric Melsoft Navigator | <=2.62q | |
| Mitsubishielectric Mi Configurator | <=1.004e | |
| Mitsubishielectric Motion Control Setting | <=1.006g | |
| Mitsubishielectric Mr Configurator2 | <=1.100e | |
| Mitsubishielectric Mt Works2 | <=1.160s | |
| Mitsubishielectric Rt Toolbox2 | <=3.73b | |
| Mitsubishielectric Rt Toolbox3 | <=1.60n |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5603?
CVE-2020-5603 is an uncontrolled resource consumption vulnerability found in Mitsubishi Electoric FA Engineering Software.
What is the severity of CVE-2020-5603?
CVE-2020-5603 has a severity rating of 7.5 (High).
Which software versions are affected by CVE-2020-5603?
CVE-2020-5603 affects versions 1.94Y and earlier of Mitsubishi Electoric CPU Module Logging Configuration Tool, versions 1.010L and earlier of CW Configurator, versions 1.010L and earlier of EM Software Development Kit (EM Configurator), version 1.221f and earlier of GT Designer3 (GOT2000), version 1.100e and earlier of GX Logviewer, version 1.590q and earlier of GX Works2, version 1.060n and earlier of GX Works3, version 1.01b and earlier of M Commdtm-hart, version 1.03d and earlier of M Commdtm-io-link, version 4.4 and earlier of Melfa-works, version 1.005f and earlier of Melsec-l Flexible High-speed I/o Control Module Configuration Tool, version 1.04e and earlier of Melsoft Fielddeviceconfigurator, version 1.14q and earlier of Melsoft Iq Appportal, version 2.62q and earlier of Melsoft Navigator, version 1.004e and earlier of Mi Configurator, version 1.006g and earlier of Motion Control Setting, version 1.100e and earlier of Mr Configurator2, version 1.160s and earlier of Mt Works2, version 3.73b and earlier of Rt Toolbox2, and version 1.60n and earlier of Rt Toolbox3.
How does CVE-2020-5603 impact the affected software?
CVE-2020-5603 allows an attacker to cause uncontrolled resource consumption in the affected Mitsubishi Electoric FA Engineering Software, potentially leading to system instability or denial of service.
Is there a fix available for CVE-2020-5603?
Yes, Mitsubishi Electoric has released a security update to address CVE-2020-5603. Users are advised to update to the latest patched versions of the affected software.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mitsubishielectric
- canonical/mitsubishielectric cpu module logging configuration tool
- version/mitsubishielectric cpu module logging configuration tool/1.94y
- canonical/mitsubishielectric cw configurator
- version/mitsubishielectric cw configurator/1.010l
- canonical/mitsubishielectric em configurator
- version/mitsubishielectric em configurator/1.010l
- canonical/mitsubishielectric gt designer3
- version/mitsubishielectric gt designer3/1.221f
- canonical/mitsubishielectric gx logviewer
- version/mitsubishielectric gx logviewer/1.100e
- canonical/mitsubishielectric gx works2
- version/mitsubishielectric gx works2/1.590q
- canonical/mitsubishielectric gx works3
- version/mitsubishielectric gx works3/1.060n
- canonical/mitsubishielectric m commdtm-hart
- version/mitsubishielectric m commdtm-hart/1.01b
- canonical/mitsubishielectric m commdtm-io-link
- version/mitsubishielectric m commdtm-io-link/1.03d
- canonical/mitsubishielectric melfa-works
- version/mitsubishielectric melfa-works/4.4
- canonical/mitsubishielectric melsec-l flexible high-speed i\/o control module configuration tool
- version/mitsubishielectric melsec-l flexible high-speed i\/o control module configuration tool/1.005f
- canonical/mitsubishielectric melsoft fielddeviceconfigurator
- version/mitsubishielectric melsoft fielddeviceconfigurator/1.04e
- canonical/mitsubishielectric melsoft iq appportal
- version/mitsubishielectric melsoft iq appportal/1.14q
- canonical/mitsubishielectric melsoft navigator
- version/mitsubishielectric melsoft navigator/2.62q
- canonical/mitsubishielectric mi configurator
- version/mitsubishielectric mi configurator/1.004e
- canonical/mitsubishielectric motion control setting
- version/mitsubishielectric motion control setting/1.006g
- canonical/mitsubishielectric mr configurator2
- version/mitsubishielectric mr configurator2/1.100e
- canonical/mitsubishielectric mt works2
- version/mitsubishielectric mt works2/1.160s
- canonical/mitsubishielectric rt toolbox2
- version/mitsubishielectric rt toolbox2/3.73b
- canonical/mitsubishielectric rt toolbox3
- version/mitsubishielectric rt toolbox3/1.60n