cvelistv5 - cve-2020-5594

CVE-2020-5594 (GCVE-0-2020-5594)

Vulnerability from cvelistv5 – Published: 2020-06-23 07:35 – Updated: 2024-08-04 08:30

Summary

Severity ?

No CVSS data available.

CWE

Cleartext Transmission of Sensitive Information

Assigner

jpcert

References

URL

Tags

	https://www.mitsubishielectric.com/en/psirt/vulne…	x_refsource_MISC
	https://www.mitsubishielectric.co.jp/psirt/vulner…	x_refsource_MISC
	https://jvn.jp/en/vu/JVNVU91424496/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Mitsubishi Electric Corporation	MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules	Affected: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-23T07:35:23",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cleartext Transmission of Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
            },
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
            },
            {
              "name": "https://jvn.jp/en/vu/JVNVU91424496/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5594",
    "datePublished": "2020-06-23T07:35:23",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F2A20BD-77FE-42A3-9AC6-597470CD1212\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71CC1A84-A51D-4E56-BA7A-9C1D21DDF8D1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1644AECC-4A04-4209-9654-668D6B3B093B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"175AA161-6775-4715-85A2-4AD426D131F5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1047B633-7FE4-47C2-846F-5878DA5D3038\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"418EA7F6-FB8D-4192-8BEC-E34BBF98400A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93701E98-1A2C-45EE-933F-2FA9D803A875\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCADAD32-6840-45C7-94E1-DD7BE0A59417\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25DCC54F-CA89-41BC-8C3F-89084911956D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"455C03F1-8A83-493D-9DAD-F7D0950105AF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Todos los m\\u00f3dulos de CPU de las series Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L y FX, contienen una vulnerabilidad que permite la transmisi\\u00f3n de informaci\\u00f3n confidencial entre m\\u00f3dulos de CPU y GX Works3 y/o GX Works2 por medio de vectores no especificados\"}]",
      "id": "CVE-2020-5594",
      "lastModified": "2024-11-21T05:34:19.893",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-23T08:15:10.487",
      "references": "[{\"url\": \"https://jvn.jp/en/vu/JVNVU91424496/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/vu/JVNVU91424496/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5594\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-06-23T08:15:10.487\",\"lastModified\":\"2024-11-21T05:34:19.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Todos los m\u00f3dulos de CPU de las series Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L y FX, contienen una vulnerabilidad que permite la transmisi\u00f3n de informaci\u00f3n confidencial entre m\u00f3dulos de CPU y GX Works3 y/o GX Works2 por medio de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F2A20BD-77FE-42A3-9AC6-597470CD1212\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CC1A84-A51D-4E56-BA7A-9C1D21DDF8D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1644AECC-4A04-4209-9654-668D6B3B093B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"175AA161-6775-4715-85A2-4AD426D131F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1047B633-7FE4-47C2-846F-5878DA5D3038\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"418EA7F6-FB8D-4192-8BEC-E34BBF98400A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93701E98-1A2C-45EE-933F-2FA9D803A875\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCADAD32-6840-45C7-94E1-DD7BE0A59417\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25DCC54F-CA89-41BC-8C3F-89084911956D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"455C03F1-8A83-493D-9DAD-F7D0950105AF\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU91424496/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/vu/JVNVU91424496/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2020-46802

Vulnerability from cnvd - Published: 2020-08-19

Title

多款Mitsubishi Electric产品存在未明漏洞

Description

Mitsubishi Electric MELSEC iQ-R series等都是日本三菱电机（Mitsubishi Electric）公司的一款可编程逻辑控制器。多款Mitsubishi Electric产品中存在安全漏洞，该漏洞源于CPU模块与GX Works3或GX Works2之间采用明文通信，攻击者可利用该漏洞窃听/篡改通信数据，执行未授权的操作，造成拒绝服务。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.mitsubishielectric.com/

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01

Impacted products

Name
['Mitsubishi Electric MELSEC FX', 'Mitsubishi Electric MELSEC iQ-R', 'Mitsubishi Electric MELSEC iQ-F', 'Mitsubishi Electric MELSEC Q', 'Mitsubishi Electric MELSEC L']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5594"
    }
  },
  "description": "Mitsubishi Electric MELSEC iQ-R series\u7b49\u90fd\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\uff08Mitsubishi Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\n\n\u591a\u6b3eMitsubishi Electric\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eCPU\u6a21\u5757\u4e0eGX Works3\u6216GX Works2\u4e4b\u95f4\u91c7\u7528\u660e\u6587\u901a\u4fe1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u542c/\u7be1\u6539\u901a\u4fe1\u6570\u636e\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.mitsubishielectric.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-46802",
  "openTime": "2020-08-19",
  "products": {
    "product": [
      "Mitsubishi Electric MELSEC FX",
      "Mitsubishi Electric MELSEC iQ-R",
      "Mitsubishi Electric MELSEC iQ-F",
      "Mitsubishi Electric MELSEC Q",
      "Mitsubishi Electric MELSEC L"
    ]
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-24",
  "title": "\u591a\u6b3eMitsubishi Electric\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

JVNDB-2020-005854

Vulnerability from jvndb - Published: 2020-06-24 10:32 - Updated:2020-06-24 10:32

Severity ?

10.0 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information

Details

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU91424496/
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5594
	ICS-CERT ADVISORY	https://www.us-cert.gov/ics/advisories/icsa-20-175-01
	Cleartext Transmission of Sensitive Information(CWE-319)	https://cwe.mitre.org/data/definitions/319.html

Impacted products

Vendor

Product

	Mitsubishi Electric	MELSEC FX series
	Mitsubishi Electric	MELSEC L series
	Mitsubishi Electric	MELSEC Q series
	Mitsubishi Electric	MELSEC iQ-F series
	Mitsubishi Electric	MELSEC iQ-R series

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
  "dc:date": "2020-06-24T10:32+09:00",
  "dcterms:issued": "2020-06-24T10:32+09:00",
  "dcterms:modified": "2020-06-24T10:32+09:00",
  "description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:mitsubishielectric:melsec-fx_firmware",
      "@product": "MELSEC FX series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
      "@product": "MELSEC L series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
      "@product": "MELSEC Q series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
      "@product": "MELSEC iQ-F series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
      "@product": "MELSEC iQ-R series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2020-005854",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU91424496/",
      "@id": "JVNVU#91424496",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594",
      "@id": "CVE-2020-5594",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594",
      "@id": "CVE-2020-5594",
      "@source": "NVD"
    },
    {
      "#text": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01",
      "@id": "ICSA-20-175-01",
      "@source": "ICS-CERT ADVISORY"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/319.html",
      "@id": "CWE-319",
      "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
    }
  ],
  "title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information"
}

ICSA-20-175-01

Vulnerability from csaf_cisa - Published: 2020-06-23 00:00 - Updated: 2020-07-07 00:00

Summary

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Shunkai Zhu",
          "Rongkuan Ma",
          "Peng Cheng"
        ],
        "organization": "NESC Lab of Zhejiang University",
        "summary": "reporting this vulnerability to Mitsubishi Electric"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-175-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-175-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-175-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-175-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)",
    "tracking": {
      "current_release_date": "2020-07-07T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-175-01",
      "initial_release_date": "2020-06-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-06-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules"
        },
        {
          "date": "2020-07-07T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "MELSEC iQ-R iQ-F Q L and FX series CPU modules: all versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R iQ-F Q L and FX series CPU modules"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5594",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and denial-of-service (DoS) attacks from attackers. CVE-2020-5594 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).. --------- End Update A Part 1 of 2 ---------CVE-2020-5594 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends encrypting the communication path by setting up a VPN to mitigate the impact of this vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Additional information about the vulnerability is available by contacting a Mitsubishi Electric representative.https://us.mitsubishielectric.com/fa/en/about-us/distributors",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://us.mitsubishielectric.com/fa/en/about-us/distributors"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-202006-1511

Vulnerability from variot - Updated: 2023-12-18 12:49

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.

There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "melsec iq-r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec-q",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec-fx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec iq-f",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec-l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec fx series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec iq-f series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec l series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec q series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "electric melsec fx",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec iq-r",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec iq-f",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec q",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec l",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-5594",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-46802",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-5594",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 10,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005854",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-5594",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-005854",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-46802",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1590",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-5594",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91424496",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-175-01",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2176",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ]
  },
  "id": "VAR-202006-1511",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      }
    ],
    "trust": 1.3499999919999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:49:39.198000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba   \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91424496"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/319.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "date": "2020-06-23T08:15:10.487000",
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "date": "2020-07-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "date": "2020-07-01T19:09:03.467000",
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "date": "2020-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Mitsubishi Electric  MELSEC iQ-R , iQ-F , Q , L , FX Of the series  CPU With the unit  GX Works3 and  GX Works2 Vulnerability in plaintext communication between",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ],
    "trust": 0.6
  }
}

GHSA-2VF3-PGP6-M4W5

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5594"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-23T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",
  "id": "GHSA-2vf3-pgp6-m4w5",
  "modified": "2022-05-24T17:21:31Z",
  "published": "2022-05-24T17:21:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-5594

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5594

Aliases

CVE-2020-5594

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5594",
    "description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",
    "id": "GSD-2020-5594"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5594"
      ],
      "details": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",
      "id": "GSD-2020-5594",
      "modified": "2023-12-13T01:22:03.874220Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5594",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cleartext Transmission of Sensitive Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
          },
          {
            "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          },
          {
            "name": "https://jvn.jp/en/vu/JVNVU91424496/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5594"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/vu/JVNVU91424496/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
            },
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-07-01T19:09Z",
      "publishedDate": "2020-06-23T08:15Z"
    }
  }
}

FKIE_CVE-2020-5594

Vulnerability from fkie_nvd - Published: 2020-06-23 08:15 - Updated: 2024-11-21 05:34

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU91424496/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU91424496/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	melsec_iq-r_firmware	*
mitsubishielectric	melsec_iq-r	-
mitsubishielectric	melsec_iq-f_firmware	*
mitsubishielectric	melsec_iq-f	-
mitsubishielectric	melsec-q_firmware	*
mitsubishielectric	melsec-q	-
mitsubishielectric	melsec-l_firmware	*
mitsubishielectric	melsec-l	-
mitsubishielectric	melsec-fx_firmware	*
mitsubishielectric	melsec-fx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2A20BD-77FE-42A3-9AC6-597470CD1212",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CC1A84-A51D-4E56-BA7A-9C1D21DDF8D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1644AECC-4A04-4209-9654-668D6B3B093B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "175AA161-6775-4715-85A2-4AD426D131F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1047B633-7FE4-47C2-846F-5878DA5D3038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "418EA7F6-FB8D-4192-8BEC-E34BBF98400A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93701E98-1A2C-45EE-933F-2FA9D803A875",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCADAD32-6840-45C7-94E1-DD7BE0A59417",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DCC54F-CA89-41BC-8C3F-89084911956D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "455C03F1-8A83-493D-9DAD-F7D0950105AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Todos los m\u00f3dulos de CPU de las series Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L y FX, contienen una vulnerabilidad que permite la transmisi\u00f3n de informaci\u00f3n confidencial entre m\u00f3dulos de CPU y GX Works3 y/o GX Works2 por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2020-5594",
  "lastModified": "2024-11-21T05:34:19.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-23T08:15:10.487",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5594 (GCVE-0-2020-5594)

CNVD-2020-46802

JVNDB-2020-005854

ICSA-20-175-01

VAR-202006-1511

GHSA-2VF3-PGP6-M4W5

GSD-2020-5594

FKIE_CVE-2020-5594

Tags

Sightings

Nomenclature