ICSA-20-212-04
Vulnerability from csaf_cisa - Published: 2020-07-30 00:00 - Updated: 2022-12-09 00:00Summary
Mitsubishi Electric Factory Automation Engineering Products
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Update Summary
This updated advisory is a follow-up to the original advisory titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update J) that was published March 2, 2023, on the ICS webpage on cisa.gov/ICS.
Risk evaluation
Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, modify information, and cause a denial-of-service condition.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Japan
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
No known public exploits specifically target this vulnerability. This vulnerability has a high attack complexity.
{
"document": {
"acknowledgments": [
{
"names": [
"Mashav Sapir"
],
"organization": "Claroty",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "This updated advisory is a follow-up to the original advisory titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update J) that was published March 2, 2023, on the ICS webpage on cisa.gov/ICS.",
"title": "Update Summary"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, modify information, and cause a denial-of-service condition.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits specifically target this vulnerability. This vulnerability has a high attack complexity.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-212-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-212-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-212-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-212-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/Recommended-Practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://cisa.gov/ics"
}
],
"title": "Mitsubishi Electric Factory Automation Engineering Products",
"tracking": {
"current_release_date": "2022-12-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-212-04",
"initial_release_date": "2020-07-30T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-07-30T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products"
},
{
"date": "2020-11-05T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update A)"
},
{
"date": "2021-01-14T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update B)"
},
{
"date": "2021-05-27T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update C)"
},
{
"date": "2021-07-27T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update D)"
},
{
"date": "2021-11-18T00:00:00.000000Z",
"legacy_version": "E",
"number": "6",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E)"
},
{
"date": "2022-02-08T00:00:00.000000Z",
"legacy_version": "F",
"number": "7",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update F)"
},
{
"date": "2022-05-24T00:00:00.000000Z",
"legacy_version": "G",
"number": "8",
"summary": "ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update G)"
},
{
"date": "2022-08-02T00:00:00.000000Z",
"legacy_version": "H",
"number": "9",
"summary": "Mitsubishi Electric Factory Automation Engineering Products (Update H)"
},
{
"date": "2022-12-09T00:00:00.000000Z",
"legacy_version": "I",
"number": "10",
"summary": "Mitsubishi Electric Factory Automation Engineering Products (Update I)"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.21X",
"product": {
"name": "MX MESInterface: Versions 1.21X and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "MX MESInterface"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.200J",
"product": {
"name": "GT SoftGOT1000: Version3 Versions 3.200J and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "GT SoftGOT1000 Version 3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.04E",
"product": {
"name": "SLMP Data Collector: Version 1.04E and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SLMP Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.16S",
"product": {
"name": "Network Interface Board CC IE Field Utility: Versions 1.16S and prior",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Network Interface Board CC IE Field Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.241B",
"product": {
"name": "GT SoftGOT2000: Version1 Versions 1.241B and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "GT SoftGOT2000 Version 1"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "CC-Link IE Control Network Data Collector: Version 1.00A",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "CC-Link IE Control Network Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.4",
"product": {
"name": "MELFA-Works: Version 4.4 and prior",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "MELFA-Works"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "CC-Link IE TSN Data Collector: Version 1.00A",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "CC-Link IE TSN Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.010L",
"product": {
"name": "CW Configurator: Versions 1.010L and prior",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "CW Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.23Z",
"product": {
"name": "Network Interface Board CC-Link Ver.2 Utility: Versions 1.23Z and prior",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "Network Interface Board CC-Link Ver.2 Utility"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "CC-Link IE Field Network Data Collector: Version 1.00A",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "CC-Link IE Field Network Data Collector"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Position Board utility 2: all versions",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "Position Board utility 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.004E",
"product": {
"name": "MI Configurator: Version 1.004E and prior",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "MI Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.100E",
"product": {
"name": "CPU Module Logging Configuration Tool: Versions 1.100E and prior",
"product_id": "CSAFPID-00014"
}
}
],
"category": "product_name",
"name": "CPU Module Logging Configuration Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.12N",
"product": {
"name": "MX MESInterface-R: Versions 1.12N and prior",
"product_id": "CSAFPID-00015"
}
}
],
"category": "product_name",
"name": "MX MESInterface-R"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.20W",
"product": {
"name": "MX Component: Version 4.20W and prior",
"product_id": "CSAFPID-00016"
}
}
],
"category": "product_name",
"name": "MX Component"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.167Z",
"product": {
"name": "MT Works2: Version 1.167Z and prior",
"product_id": "CSAFPID-00017"
}
}
],
"category": "product_name",
"name": "MT Works2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.13P",
"product": {
"name": "Setting/Monitoring tools for the C Controller module (SW3PVC-CCPU): Version 3.13P and prior",
"product_id": "CSAFPID-00018"
}
}
],
"category": "product_name",
"name": "Setting/Monitoring tools for the C Controller module (SW3PVC-CCPU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.063R",
"product": {
"name": "GX Works3: Versions 1.063R and prior",
"product_id": "CSAFPID-00019"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "FR Configurator SW3: all versions",
"product_id": "CSAFPID-00020"
}
}
],
"category": "product_name",
"name": "FR Configurator SW3"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "MELSOFT EM Software Development Kit: all versions",
"product_id": "CSAFPID-00021"
}
}
],
"category": "product_name",
"name": "MELSOFT EM Software Development Kit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.125F",
"product": {
"name": "MR Configurator2: Version 1.125F and prior",
"product_id": "CSAFPID-00022"
}
}
],
"category": "product_name",
"name": "MR Configurator2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.005F",
"product": {
"name": "Motion Control Setting: Versions 1.005F and prior",
"product_id": "CSAFPID-00023"
}
}
],
"category": "product_name",
"name": "Motion Control Setting"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.1.4.0",
"product": {
"name": "MTConnect Data Collector: Version 1.1.4.0 and prior",
"product_id": "CSAFPID-00024"
}
}
],
"category": "product_name",
"name": "MTConnect Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.241B",
"product": {
"name": "GT Designer3 Version1 (GOT2000): Versions 1.241B and prior",
"product_id": "CSAFPID-00025"
}
}
],
"category": "product_name",
"name": "GT Designer3 Version1 (GOT2000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.26C",
"product": {
"name": "FR Configurator2: Versions 1.26C and prior",
"product_id": "CSAFPID-00026"
}
}
],
"category": "product_name",
"name": "FR Configurator2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.03D",
"product": {
"name": "M_CommDTM-IO-Link: Versions 1.03D and prior",
"product_id": "CSAFPID-00027"
}
}
],
"category": "product_name",
"name": "M_CommDTM-IO-Link"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.100E",
"product": {
"name": "GX LogViewer: Versions 1.100E and prior",
"product_id": "CSAFPID-00028"
}
}
],
"category": "product_name",
"name": "GX LogViewer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.241B",
"product": {
"name": "GT Designer3 Version1 (GOT1000): Versions 1.241B and prior",
"product_id": "CSAFPID-00029"
}
}
],
"category": "product_name",
"name": "GT Designer3 Version1 (GOT1000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.06G",
"product": {
"name": "MELSOFT Complete Clean Up Tool: Versions 1.06G and prior",
"product_id": "CSAFPID-00030"
}
}
],
"category": "product_name",
"name": "MELSOFT Complete Clean Up Tool"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "C Controller Interface Module Utility: all versions",
"product_id": "CSAFPID-00031"
}
}
],
"category": "product_name",
"name": "C Controller Interface Module Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.53F",
"product": {
"name": "PX Developer: version 1.53F and prior",
"product_id": "CSAFPID-00032"
}
}
],
"category": "product_name",
"name": "PX Developer"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "MELSEC WinCPU Setting Utility: all versions",
"product_id": "CSAFPID-00033"
}
}
],
"category": "product_name",
"name": "MELSEC WinCPU Setting Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.29F",
"product": {
"name": "Network Interface Board CC IE Control Utility: Versions 1.29F and prior",
"product_id": "CSAFPID-00034"
}
}
],
"category": "product_name",
"name": "Network Interface Board CC IE Control Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 34L",
"product": {
"name": "Network Interface Board MNETH Utility: Versions 34L and prior",
"product_id": "CSAFPID-00035"
}
}
],
"category": "product_name",
"name": "Network Interface Board MNETH Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2.74C",
"product": {
"name": "MELSOFT Navigator: Versions 2.74C and prior",
"product_id": "CSAFPID-00036"
}
}
],
"category": "product_name",
"name": "MELSOFT Navigator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.005F",
"product": {
"name": "Motorizer: Versions 1.005F and prior",
"product_id": "CSAFPID-00037"
}
}
],
"category": "product_name",
"name": "Motorizer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.12N",
"product": {
"name": "Setting/Monitoring tools for the C Controller module (SW4PVC-CCPU): Version 4.12N and prior",
"product_id": "CSAFPID-00038"
}
}
],
"category": "product_name",
"name": "Setting/Monitoring tools for the C Controller module (SW4PVC-CCPU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 8.504A",
"product": {
"name": "GX Developer: Versions 8.504A and prior",
"product_id": "CSAFPID-00039"
}
}
],
"category": "product_name",
"name": "GX Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2.15R",
"product": {
"name": "MX Sheet: Version 2.15R and prior",
"product_id": "CSAFPID-00040"
}
}
],
"category": "product_name",
"name": "MX Sheet"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.73B",
"product": {
"name": "RT ToolBox2: Version 3.73B and prior",
"product_id": "CSAFPID-00041"
}
}
],
"category": "product_name",
"name": "RT ToolBox2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.17T",
"product": {
"name": "MELSOFT iQ AppPortal: 1.17T and prior",
"product_id": "CSAFPID-00042"
}
}
],
"category": "product_name",
"name": "MELSOFT iQ AppPortal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.601B",
"product": {
"name": "GX Works2: Versions 1.601B and prior",
"product_id": "CSAFPID-00043"
}
}
],
"category": "product_name",
"name": "GX Works2"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "GT Designer2 Classic: all versions",
"product_id": "CSAFPID-00044"
}
}
],
"category": "product_name",
"name": "GT Designer2 Classic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.42U",
"product": {
"name": "Data Transfer: Versions 3.42U and prior",
"product_id": "CSAFPID-00045"
}
}
],
"category": "product_name",
"name": "Data Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.1",
"product": {
"name": "EZSocket: version 5.1 and prior",
"product_id": "CSAFPID-00046"
}
}
],
"category": "product_name",
"name": "EZSocket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.82L",
"product": {
"name": "RT ToolBox3: Version 1.82L and prior",
"product_id": "CSAFPID-00047"
}
}
],
"category": "product_name",
"name": "RT ToolBox3"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14521",
"cwe": {
"id": "CWE-428",
"name": "Unquoted Search Path or Element"
},
"notes": [
{
"category": "summary",
"text": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. CVE-2020-14521 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14521"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Refer to the Mitsubishi Electric website for details on available patches.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "mitigation",
"details": "Download the latest version of each software product and update it.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Refer to the manual for help to update affected products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "If a \u201cFile Name Warning\u201d message is displayed when starting Windows, take appropriate measures according to the instructions in the message (such as changing a file name) and then install or operate the products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "Operate the products under an account that does not have administrator privileges.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in computers using the products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "Restrict network exposure for all control system devices or systems to the minimum necessary and ensure they are not accessible from untrusted networks and hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "Locate control system networks and remote devices behind firewalls and isolate them from the network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "Use virtual private network (VPN) when remote access is required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
},
{
"category": "mitigation",
"details": "Additional information about the vulnerabilities or Mitsubishi Electric\u0027s compensating control is available by contacting a Mitsubishi Electric representative.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028",
"CSAFPID-00029",
"CSAFPID-00030",
"CSAFPID-00031",
"CSAFPID-00032",
"CSAFPID-00033",
"CSAFPID-00034",
"CSAFPID-00035",
"CSAFPID-00036",
"CSAFPID-00037",
"CSAFPID-00038",
"CSAFPID-00039",
"CSAFPID-00040",
"CSAFPID-00041",
"CSAFPID-00042",
"CSAFPID-00043",
"CSAFPID-00044",
"CSAFPID-00045",
"CSAFPID-00046",
"CSAFPID-00047"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…