GSD-2020-14496
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-14496",
"description": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.",
"id": "GSD-2020-14496"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14496"
],
"details": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.",
"id": "GSD-2020-14496",
"modified": "2023-12-13T01:22:00.229515Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14496",
"STATE": "PUBLIC",
"TITLE": "Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPU Module Logging Configuration Tool",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.100E"
}
]
}
},
{
"product_name": "CW Configurator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.010L"
}
]
}
},
{
"product_name": "Data Transfer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "3.40S"
}
]
}
},
{
"product_name": "EZSocket",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.5"
}
]
}
},
{
"product_name": "FR Configurator2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.22Y"
}
]
}
},
{
"product_name": "GT Designer3 Version1 (GOT2000)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.235V"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "3.200J"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "GT SoftGOT2000 Version1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.235V"
}
]
}
},
{
"product_name": "GX LogViewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.100E"
}
]
}
},
{
"product_name": "GX Works2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.592S"
}
]
}
},
{
"product_name": "GX Works3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.063R"
}
]
}
},
{
"product_name": "M_CommDTM-HART",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "1.00A"
}
]
}
},
{
"product_name": "M_CommDTM-IO-Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "MELFA-Works",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.3"
}
]
}
},
{
"product_name": "MELSEC WinCPU Setting Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "MELSOFT EM Software Development Kit (EM Configurator)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.010L"
}
]
}
},
{
"product_name": "MELSOFT FieldDeviceConfigurator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.03D"
}
]
}
},
{
"product_name": "MELSOFT Navigator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2.62Q"
}
]
}
},
{
"product_name": "MH11 SettingTool Version2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2.002C"
}
]
}
},
{
"product_name": "MI Configurator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Motorizer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.005F"
}
]
}
},
{
"product_name": "MR Configurator2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.105K"
}
]
}
},
{
"product_name": "MT Works2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.156N"
}
]
}
},
{
"product_name": "MX Component",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.19V"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Control utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Field Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board CC-Link Ver.2 Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board MNETH utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "PX Developer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.52E"
}
]
}
},
{
"product_name": "RT ToolBox2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "3.72A"
}
]
}
},
{
"product_name": "RT ToolBox3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.70Y"
}
]
}
},
{
"product_name": "Setting/monitoring tools for the C Controller module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
]
},
"source": {
"advisory": "ICSA-20-212-02",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:m_commdtm-hart:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.01b",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.065t",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.595v",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_logviewer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.106k",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.236w",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gt_softgot1000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.245f",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.236w",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.23z",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:data_transfer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.41t",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.011m",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.106k",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.80j",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:rt_toolbox2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.73b",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:px_developer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.53f",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "35m",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.24a",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17t",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.30g",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.20w",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.160s",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.106l",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:motorizer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.010l",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mh11_settingtool_version2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.003d",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70y",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:melsoft_fielddeviceconfigurator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.04e",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:em_configurator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.015r",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:melfa-works:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.04e",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14496"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-06-07T21:15Z",
"publishedDate": "2022-05-19T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…