cvelistv5 - CVE-2020-14523

CVE-2020-14523 (GCVE-0-2020-14523)

Vulnerability from cvelistv5 – Published: 2022-02-11 17:40 – Updated: 2025-04-16 18:01

Summary

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

Severity ?

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_MISC
	https://www.mitsubishielectric.com/en/psirt/vulne…	x_refsource_MISC
	https://jvn.jp/vu/JVNVU90224831/	x_refsource_MISC

Impacted products

Vendor

Product

Version

Mitsubishi Electric

CW Configurator

Affected: unspecified , ≤ Version 1.010L (custom)

Mitsubishi Electric	FR Configurator2	Affected: unspecified , ≤ Version 1.22Y (custom)
Mitsubishi Electric	GX Works2	Affected: unspecified , ≤ Version 1.595V (custom)
Mitsubishi Electric	GX Works3	Affected: unspecified , ≤ Version 1.063R (custom)
Mitsubishi Electric	MELSOFT iQ AppPortal	Affected: unspecified , ≤ Version 1.17T (custom)
Mitsubishi Electric	MELSOFT Navigator	Affected: unspecified , ≤ Version2.70Y (custom)
Mitsubishi Electric	MI Configurator	Affected: All Versions
Mitsubishi Electric	MR Configurator2	Affected: unspecified , ≤ Version 1.110Q (custom)
Mitsubishi Electric	MT Works2	Affected: unspecified , ≤ Versions 1.156N (custom)
Mitsubishi Electric	MX Component	Affected: unspecified , ≤ Version 4.20W (custom)
Mitsubishi Electric	RT ToolBox3	Affected: unspecified , ≤ Versions 1.70Y (custom)
Mitsubishi Electric	MELSEC iQ-R Series Motion Module	Affected: unspecified , ≤ Versions 10 (custom)

Credits

Mashav Sapir of Claroty reported this vulnerability to CISA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU90224831/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14523",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T17:31:26.782063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T18:01:22.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CW Configurator",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 1.010L",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "FR Configurator2",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 1.22Y",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "GX Works2",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 1.595V",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "GX Works3",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 1.063R",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MELSOFT iQ AppPortal",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 1.17T",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MELSOFT Navigator",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version2.70Y",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MI Configurator",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "MR Configurator2",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 1.110Q",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MT Works2",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Versions 1.156N",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MX Component",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Version 4.20W",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RT ToolBox3",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Versions 1.70Y",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MELSEC iQ-R Series Motion Module",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "Versions 10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
        }
      ],
      "datePublic": "2020-07-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-18T23:17:23.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU90224831/"
        }
      ],
      "source": {
        "advisory": "ICSA-20-212-03",
        "discovery": "UNKNOWN"
      },
      "title": "Mitsubishi Electric Factory Automation Products Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2020-07-30T16:50:00.000Z",
          "ID": "CVE-2020-14523",
          "STATE": "PUBLIC",
          "TITLE": "Mitsubishi Electric Factory Automation Products Path Traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CW Configurator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 1.010L"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FR Configurator2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 1.22Y"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GX Works2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 1.595V"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GX Works3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 1.063R"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MELSOFT iQ AppPortal",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 1.17T"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MELSOFT Navigator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version2.70Y"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MI Configurator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "All Versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MR Configurator2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 1.110Q"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MT Works2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Versions 1.156N"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MX Component",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 4.20W"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RT ToolBox3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Versions 1.70Y"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MELSEC iQ-R Series Motion Module",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Versions 10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU90224831/",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU90224831/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en"
          }
        ],
        "source": {
          "advisory": "ICSA-20-212-03",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14523",
    "datePublished": "2022-02-11T17:40:29.187Z",
    "dateReserved": "2020-06-19T00:00:00.000Z",
    "dateUpdated": "2025-04-16T18:01:22.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.010l\", \"matchCriteriaId\": \"892E3CDC-AFC4-4EF1-AF46-3F161603DDB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.22y\", \"matchCriteriaId\": \"87549502-D224-408D-8C66-41F5E8F7743A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.595v\", \"matchCriteriaId\": \"015EB163-A5D6-4C55-8038-59823B7FF49F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.063r\", \"matchCriteriaId\": \"AE537EF6-72AE-4091-AF6E-9959C3F45632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:iu_configuration_tool:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.04\", \"matchCriteriaId\": \"83B09E17-9CFF-4231-AE28-FB9D99332BCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:iu_developer2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.08\", \"matchCriteriaId\": \"D449D560-C64A-48B0-B1BB-31800FF3062E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.17t\", \"matchCriteriaId\": \"8F2EA556-367B-4F32-99D2-C685742CCAEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.70y\", \"matchCriteriaId\": \"FF88C6B0-5641-488E-9AE2-6AF479EB10BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A661B972-912C-4DAA-9518-CC01E0EB1A81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.110q\", \"matchCriteriaId\": \"50DAB8A0-E2F3-496A-B6B6-22E4243D104C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.156n\", \"matchCriteriaId\": \"04FF09A2-B1C0-4A65-A420-22A044B7F2CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.20w\", \"matchCriteriaId\": \"A0C9B5B3-D4F6-4E00-89B4-964516BB989B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.70y\", \"matchCriteriaId\": \"463E3740-A618-45A6-9C30-6FBC28077123\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"BEAB1838-A2E2-4D12-A216-68DD9E4624CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9B1BA74-5B02-400C-AA98-AFB29E848299\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"E213C893-9C88-42C1-BE32-634D7BB84AD6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8467C47A-2798-43FA-B132-A774B1148FC0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"389EBE60-F4CF-4E82-975D-44DCBAC74929\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F671BBC-41EE-41FF-87B1-36DBFA7A4BAD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"2325BC60-32F9-46CA-8035-7E88360C15A1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81DD3BFA-9E3A-4FAB-AB7B-6CC365628877\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"DC759E3E-6D0A-4BA5-AB2E-38947331C5B2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0A92E26-C302-4285-BED1-7B8637E252DA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"D70552B7-C943-43B0-B5BD-ED43A853657E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12E5533D-15A8-471B-899B-FE9F9655EE8F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"BA2C0DCD-65E6-4B93-B92F-E4FE46CCA58C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B5C3119-7579-4623-8513-65A281BDF0D1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"diversos productos de Mitsubishi Electric Factory Automation presentan una vulnerabilidad que permite a un atacante ejecutar c\\u00f3digo arbitrario\"}]",
      "id": "CVE-2020-14523",
      "lastModified": "2024-11-21T05:03:27.300",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-11T18:15:08.577",
      "references": "[{\"url\": \"https://jvn.jp/vu/JVNVU90224831/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU90224831/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14523\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-02-11T18:15:08.577\",\"lastModified\":\"2024-11-21T05:03:27.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"diversos productos de Mitsubishi Electric Factory Automation presentan una vulnerabilidad que permite a un atacante ejecutar c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.010l\",\"matchCriteriaId\":\"892E3CDC-AFC4-4EF1-AF46-3F161603DDB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.22y\",\"matchCriteriaId\":\"87549502-D224-408D-8C66-41F5E8F7743A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.595v\",\"matchCriteriaId\":\"015EB163-A5D6-4C55-8038-59823B7FF49F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.063r\",\"matchCriteriaId\":\"AE537EF6-72AE-4091-AF6E-9959C3F45632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:iu_configuration_tool:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.04\",\"matchCriteriaId\":\"83B09E17-9CFF-4231-AE28-FB9D99332BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:iu_developer2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.08\",\"matchCriteriaId\":\"D449D560-C64A-48B0-B1BB-31800FF3062E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.17t\",\"matchCriteriaId\":\"8F2EA556-367B-4F32-99D2-C685742CCAEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.70y\",\"matchCriteriaId\":\"FF88C6B0-5641-488E-9AE2-6AF479EB10BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A661B972-912C-4DAA-9518-CC01E0EB1A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.110q\",\"matchCriteriaId\":\"50DAB8A0-E2F3-496A-B6B6-22E4243D104C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.156n\",\"matchCriteriaId\":\"04FF09A2-B1C0-4A65-A420-22A044B7F2CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.20w\",\"matchCriteriaId\":\"A0C9B5B3-D4F6-4E00-89B4-964516BB989B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.70y\",\"matchCriteriaId\":\"463E3740-A618-45A6-9C30-6FBC28077123\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"BEAB1838-A2E2-4D12-A216-68DD9E4624CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B1BA74-5B02-400C-AA98-AFB29E848299\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"E213C893-9C88-42C1-BE32-634D7BB84AD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8467C47A-2798-43FA-B132-A774B1148FC0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"389EBE60-F4CF-4E82-975D-44DCBAC74929\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F671BBC-41EE-41FF-87B1-36DBFA7A4BAD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"2325BC60-32F9-46CA-8035-7E88360C15A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81DD3BFA-9E3A-4FAB-AB7B-6CC365628877\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"DC759E3E-6D0A-4BA5-AB2E-38947331C5B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0A92E26-C302-4285-BED1-7B8637E252DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"D70552B7-C943-43B0-B5BD-ED43A853657E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12E5533D-15A8-471B-899B-FE9F9655EE8F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"BA2C0DCD-65E6-4B93-B92F-E4FE46CCA58C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B5C3119-7579-4623-8513-65A281BDF0D1\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU90224831/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU90224831/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU90224831/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T12:46:34.640Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-14523\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T17:31:26.782063Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T17:31:28.177Z\"}}], \"cna\": {\"title\": \"Mitsubishi Electric Factory Automation Products Path Traversal\", \"source\": {\"advisory\": \"ICSA-20-212-03\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Mashav Sapir of Claroty reported this vulnerability to CISA\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Mitsubishi Electric\", \"product\": \"CW Configurator\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 1.010L\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"FR Configurator2\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 1.22Y\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"GX Works2\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 1.595V\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"GX Works3\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 1.063R\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MELSOFT iQ AppPortal\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 1.17T\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MELSOFT Navigator\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version2.70Y\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MI Configurator\", \"versions\": [{\"status\": \"affected\", \"version\": \"All Versions\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MR Configurator2\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 1.110Q\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MT Works2\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Versions 1.156N\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MX Component\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Version 4.20W\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"RT ToolBox3\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Versions 1.70Y\"}]}, {\"vendor\": \"Mitsubishi Electric\", \"product\": \"MELSEC iQ-R Series Motion Module\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Versions 10\"}]}], \"datePublic\": \"2020-07-30T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU90224831/\", \"tags\": [\"x_refsource_MISC\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-02-18T23:17:23.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Mashav Sapir of Claroty reported this vulnerability to CISA\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"ICSA-20-212-03\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Version 1.010L\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"CW Configurator\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version 1.22Y\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"FR Configurator2\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version 1.595V\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"GX Works2\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version 1.063R\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"GX Works3\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version 1.17T\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MELSOFT iQ AppPortal\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version2.70Y\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MELSOFT Navigator\"}, {\"version\": {\"version_data\": [{\"version_value\": \"All Versions\", \"version_affected\": \"=\"}]}, \"product_name\": \"MI Configurator\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version 1.110Q\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MR Configurator2\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Versions 1.156N\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MT Works2\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Version 4.20W\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MX Component\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Versions 1.70Y\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"RT ToolBox3\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Versions 10\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MELSEC iQ-R Series Motion Module\"}]}, \"vendor_name\": \"Mitsubishi Electric\"}]}}, \"solution\": [{\"lang\": \"en\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\", \"name\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf\", \"refsource\": \"MISC\"}, {\"url\": \"https://jvn.jp/vu/JVNVU90224831/\", \"name\": \"https://jvn.jp/vu/JVNVU90224831/\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-14523\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Mitsubishi Electric Factory Automation Products Path Traversal\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\", \"DATE_PUBLIC\": \"2020-07-30T16:50:00.000Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-14523\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T18:01:22.616Z\", \"dateReserved\": \"2020-06-19T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-02-11T17:40:29.187Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ICSA-20-212-03

Vulnerability from csaf_cisa - Published: 2020-07-30 00:00 - Updated: 2021-05-27 00:00

Summary

Mitsubishi Electric Factory Automation Products Path Traversal (Update C)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, tamper the information, and cause a denial-of-service condition.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Mashav Sapir"
        ],
        "organization": "Claroty",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, tamper the information, and cause a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-212-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-212-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-212-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-212-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
      }
    ],
    "title": "Mitsubishi Electric Factory Automation Products Path Traversal (Update C)",
    "tracking": {
      "current_release_date": "2021-05-27T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-212-03",
      "initial_release_date": "2020-07-30T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-07-30T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-212-03 Mitsubishi Electric Factory Automation Engineering Products Path Traversal"
        },
        {
          "date": "2021-01-14T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-20-212-03 Mitsubishi Electric Factory Automation Products Path Traversal (Update A)"
        },
        {
          "date": "2021-05-27T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-20-212-03 Mitsubishi Electric Factory Automation Products Path Traversal (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.595V",
                "product": {
                  "name": "GX Works2: Versions 1.595V and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "GX Works2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.156N",
                "product": {
                  "name": "MT Works2 Versions: 1.156N and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MT Works2 Versions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 10",
                "product": {
                  "name": "MELSEC iQ-R Series Motion Module: Versions 10 and prior",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R Series Motion Module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.22Y",
                "product": {
                  "name": "FR Configurator2: Versions 1.22Y and prior",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "FR Configurator2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.010L",
                "product": {
                  "name": "CW Configurator: Versions 1.010L and prior",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "CW Configurator"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.004E",
                "product": {
                  "name": "MI Configurator versions: 1.004E and prior",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "MI Configurator versions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 2.70Y",
                "product": {
                  "name": "MELSOFT Navigator: 2.70Y and prior",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSOFT Navigator"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.70Y",
                "product": {
                  "name": "RT ToolBox3 Versions: 1.70Y and prior",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "RT ToolBox3 Versions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.063R",
                "product": {
                  "name": "GX Works3: Versions 1.063R and prior",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "GX Works3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.110Q",
                "product": {
                  "name": "MR Configurator2 Version: 1.110Q and prior",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "MR Configurator2 Version"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.17T",
                "product": {
                  "name": "MELSOFT iQ AppPortal: Version 1.17T and prior",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSOFT iQ AppPortal"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 4.20W",
                "product": {
                  "name": "MX Component Version: 4.20W and prior",
                  "product_id": "CSAFPID-00012"
                }
              }
            ],
            "category": "product_name",
            "name": "MX Component Version"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14523",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.CVE-2020-14523 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14523"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "CW Configurator: Version 1.011M or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "FR Configurator2: Version 1.23Z or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "GX Works2: Version 1.596W or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "GX Works3: Version 1.065T or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MELSEC iQ-R Series Motion Module: Version 12 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MELSOFT iQ AppPortal: Version 1.20W or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MELSOFT Navigator: Versions 2.74C or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MI Configurator: Versions 1.005F or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MR Configurator2: Versions 1.115V or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MT Works2: Versions 1.160S or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "MX Component: Versions 4.21X or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "RT ToolBox3: Versions 1.80J or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/index.html"
        },
        {
          "category": "mitigation",
          "details": "Reference Mitsubishi Electric",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Make sure the file is obtained from the correct acquisition route when receiving a project file or a configuration data file from another person via email, USB memory, file server, etc.; or check that there is no file of unknown source.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Operate the products under an account that does not have administrator privileges. Except for MELSEC iQ-R Series Motion Module.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Install an antivirus software in computers using the products. Except for MELSEC iQ-R Series Motion Module.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict network exposure for all control system devices or systems to the minimum necessary and ensure they are not accessible from untrusted networks and hosts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Locate control system networks and remote devices behind firewalls and isolate them from the business network.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use virtual private network (VPN) when remote access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Additional information about the vulnerability or Mitsubishi Electric\u0027s compensating control is available by contacting a Mitsubishi Electric representative.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        }
      ]
    }
  ]
}

GHSA-Q9W7-F293-J9P6

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-02-19 00:01

Details

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-11T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.",
  "id": "GHSA-q9w7-f293-j9p6",
  "modified": "2022-02-19T00:01:53Z",
  "published": "2022-02-12T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14523"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU90224831"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-14523

Vulnerability from fkie_nvd - Published: 2022-02-11 18:15 - Updated: 2024-11-21 05:03

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

References

URL	Tags
ics-cert@hq.dhs.gov	https://jvn.jp/vu/JVNVU90224831/	Third Party Advisory
ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03	Patch, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU90224831/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	cw_configurator	*
mitsubishielectric	fr_configurator2	*
mitsubishielectric	gx_works2	*
mitsubishielectric	gx_works3	*
mitsubishielectric	iu_configuration_tool	*
mitsubishielectric	iu_developer2	*
mitsubishielectric	melsoft_iq_appportal	*
mitsubishielectric	melsoft_navigator	*
mitsubishielectric	mi_configurator	*
mitsubishielectric	mr_configurator2	*
mitsubishielectric	mt_works2	*
mitsubishielectric	mx_component	*
mitsubishielectric	rt_toolbox3	*
mitsubishielectric	rd78g4_firmware	*
mitsubishielectric	rd78g4	-
mitsubishielectric	rd78g8_firmware	*
mitsubishielectric	rd78g8	-
mitsubishielectric	rd78g16_firmware	*
mitsubishielectric	rd78g16	-
mitsubishielectric	rd78g32_firmware	*
mitsubishielectric	rd78g32	-
mitsubishielectric	rd78g64_firmware	*
mitsubishielectric	rd78g64	-
mitsubishielectric	rd78ghv_firmware	*
mitsubishielectric	rd78ghv	-
mitsubishielectric	rd78ghw_firmware	*
mitsubishielectric	rd78ghw	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "892E3CDC-AFC4-4EF1-AF46-3F161603DDB1",
              "versionEndIncluding": "1.010l",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87549502-D224-408D-8C66-41F5E8F7743A",
              "versionEndIncluding": "1.22y",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "015EB163-A5D6-4C55-8038-59823B7FF49F",
              "versionEndIncluding": "1.595v",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE537EF6-72AE-4091-AF6E-9959C3F45632",
              "versionEndIncluding": "1.063r",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:iu_configuration_tool:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B09E17-9CFF-4231-AE28-FB9D99332BCB",
              "versionEndIncluding": "1.04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:iu_developer2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D449D560-C64A-48B0-B1BB-31800FF3062E",
              "versionEndIncluding": "1.08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2EA556-367B-4F32-99D2-C685742CCAEE",
              "versionEndIncluding": "1.17t",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF88C6B0-5641-488E-9AE2-6AF479EB10BF",
              "versionEndIncluding": "2.70y",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A661B972-912C-4DAA-9518-CC01E0EB1A81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50DAB8A0-E2F3-496A-B6B6-22E4243D104C",
              "versionEndIncluding": "1.110q",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04FF09A2-B1C0-4A65-A420-22A044B7F2CD",
              "versionEndIncluding": "1.156n",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0C9B5B3-D4F6-4E00-89B4-964516BB989B",
              "versionEndIncluding": "4.20w",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "463E3740-A618-45A6-9C30-6FBC28077123",
              "versionEndIncluding": "1.70y",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAB1838-A2E2-4D12-A216-68DD9E4624CF",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B1BA74-5B02-400C-AA98-AFB29E848299",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E213C893-9C88-42C1-BE32-634D7BB84AD6",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8467C47A-2798-43FA-B132-A774B1148FC0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "389EBE60-F4CF-4E82-975D-44DCBAC74929",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F671BBC-41EE-41FF-87B1-36DBFA7A4BAD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2325BC60-32F9-46CA-8035-7E88360C15A1",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81DD3BFA-9E3A-4FAB-AB7B-6CC365628877",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC759E3E-6D0A-4BA5-AB2E-38947331C5B2",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A92E26-C302-4285-BED1-7B8637E252DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D70552B7-C943-43B0-B5BD-ED43A853657E",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E5533D-15A8-471B-899B-FE9F9655EE8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2C0DCD-65E6-4B93-B92F-E4FE46CCA58C",
              "versionEndIncluding": "10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B5C3119-7579-4623-8513-65A281BDF0D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "diversos productos de Mitsubishi Electric Factory Automation presentan una vulnerabilidad que permite a un atacante ejecutar c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2020-14523",
  "lastModified": "2024-11-21T05:03:27.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-11T18:15:08.577",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU90224831/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU90224831/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-14523

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

Aliases

CVE-2020-14523

Aliases

CVE-2020-14523

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14523",
    "description": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.",
    "id": "GSD-2020-14523"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14523"
      ],
      "details": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.",
      "id": "GSD-2020-14523",
      "modified": "2023-12-13T01:21:59.632106Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2020-07-30T16:50:00.000Z",
        "ID": "CVE-2020-14523",
        "STATE": "PUBLIC",
        "TITLE": "Mitsubishi Electric Factory Automation Products Path Traversal"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CW Configurator",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 1.010L"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "FR Configurator2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 1.22Y"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "GX Works2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 1.595V"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "GX Works3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 1.063R"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSOFT iQ AppPortal",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 1.17T"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSOFT Navigator",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version2.70Y"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MI Configurator",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All Versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MR Configurator2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 1.110Q"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MT Works2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Versions 1.156N"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MX Component",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Version 4.20W"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "RT ToolBox3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Versions 1.70Y"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R Series Motion Module",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "Versions 10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
          },
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU90224831/",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU90224831/"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng"
        }
      ],
      "source": {
        "advisory": "ICSA-20-212-03",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.010l",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.22y",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.595v",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.063r",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:iu_configuration_tool:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.04",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:iu_developer2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.08",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.17t",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.70y",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.110q",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.156n",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.20w",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.70y",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14523"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU90224831/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU90224831/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-03-01T16:20Z",
      "publishedDate": "2022-02-11T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14523 (GCVE-0-2020-14523)

ICSA-20-212-03

GHSA-Q9W7-F293-J9P6

FKIE_CVE-2020-14523

GSD-2020-14523

Tags

Sightings

Nomenclature