CVE-2020-14496

Name: CVE-2020-14496
Creator: NVD / NIST
Published: 2022-05-19T18:15:08.36+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.83%

Last modified Jun 17, 2026

CVE-2020-14496 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.. EPSS estimates a 0.83% chance of exploitation in the next 30 days.

Description

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.83%

52.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-275

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Cpu Module Logging Configuration Tool	< 1.106k
Mitsubishielectric	Cw Configurator	< 1.011m
Mitsubishielectric	Data Transfer	< 3.41t
Mitsubishielectric	Em Configurator	< 1.015r
Mitsubishielectric	Ezsocket	< 4.6
Mitsubishielectric	Fr Configurator2	< 1.23z
Mitsubishielectric	Gt Designer3	< 1.236w
Mitsubishielectric	Gt Softgot1000	< 3.245f
Mitsubishielectric	Gt Softgot2000	< 1.236w
Mitsubishielectric	Gx Logviewer	< 1.106k
Mitsubishielectric	Gx Works2	< 1.595v
Mitsubishielectric	Gx Works3	< 1.065t
Mitsubishielectric	M Commdtm-Hart	< 1.01b
Mitsubishielectric	M Commdtm-Io-Link	< 1.04e
Mitsubishielectric	Melfa-Works	< 4.4
Mitsubishielectric	Melsoft Fielddeviceconfigurator	< 1.04e
Mitsubishielectric	Melsoft Navigator	< 2.70y
Mitsubishielectric	Mh11 Settingtool Version2	< 2.003d
Mitsubishielectric	Motorizer	< 1.010l
Mitsubishielectric	Mr Configurator2	< 1.106l
Mitsubishielectric	Mt Works2	< 1.160s
Mitsubishielectric	Mx Component	< 4.20w
Mitsubishielectric	Network Interface Board Cc-Link Ver.2 Utility	< 1.24a
Mitsubishielectric	Network Interface Board Cc Ie Control Utility	< 1.30g
Mitsubishielectric	Network Interface Board Cc Ie Field Utility	< 1.17t
Mitsubishielectric	Network Interface Board Mneth Utility	< 35m
Mitsubishielectric	Px Developer	< 1.53f
Mitsubishielectric	Rt Toolbox2	< 3.73b
Mitsubishielectric	Rt Toolbox3	< 1.80j

References

https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02Third Party Advisory, US Government Resource

Timeline

Published: May 19, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-14496?

How severe is CVE-2020-14496?

CVE-2020-14496 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.83% probability of exploitation in the next 30 days.

How do I fix CVE-2020-14496?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-14496?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST