Strix
26.1K

CVE-2020-14521

CRITICALCVSS 9.8/10EPSS 1.22%

Last modified

CVE-2020-14521 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.. EPSS estimates a 1.22% chance of exploitation in the next 30 days.

Description

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.22%

64.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MitsubishielectricC Controller Interface Module UtilityAll versions
MitsubishielectricC Controller Module Setting And Monitoring ToolAll versions
MitsubishielectricCc-Link Ie Control Network Data Collector1.00a
MitsubishielectricCc-Link Ie Field Network Data Collector1.00a
MitsubishielectricCc-Link Ie Tsn Data Collector1.00a
MitsubishielectricCpu Module Logging Configuration Tool<= 1.100e
MitsubishielectricCw Configurator<= 1.010l
MitsubishielectricData Transfer<= 3.42u
MitsubishielectricEzsocket<= 5.1
MitsubishielectricFr Configurator Sw3All versions
MitsubishielectricFr Configurator2All versions
MitsubishielectricGt Designer2 ClassicAll versions
MitsubishielectricGt Softgot1000>= 3.0, <= 3.200j
MitsubishielectricGt Softgot2000>= 1.0, <= 1.241b
MitsubishielectricGx Developer<= 8.504a
MitsubishielectricGx Logviewer<= 1.100e
MitsubishielectricGx Works2<= 1.601b
MitsubishielectricGx Works3<= 1.063r
MitsubishielectricM Commdtm-Io-LinkAll versions
MitsubishielectricMelfa-Works<= 4.4
MitsubishielectricMelsec Wincpu Setting UtilityAll versions
MitsubishielectricMelsoft Complete Clean Up Tool<= 1.06g
MitsubishielectricMelsoft Em Software Development KitAll versions
MitsubishielectricMelsoft Iq Appportal<= 1.17t
MitsubishielectricMelsoft Navigator<= 2.74c
MitsubishielectricMi ConfiguratorAll versions
MitsubishielectricMotion Control Setting<= 1.005f
MitsubishielectricMotorizer<= 1.005f
MitsubishielectricMr Configurator2<= 1.125f
MitsubishielectricMt Works2<= 1.167z
MitsubishielectricMtconnect Data Collector<= 1.1.4.0
MitsubishielectricMx Component<= 4.20w
MitsubishielectricMx Mesinterface<= 1.21x
MitsubishielectricMx Mesinterface-R<= 1.12n
MitsubishielectricMx Sheet<= 2.15r
MitsubishielectricPosition Board Utility 2All versions
MitsubishielectricPx Developer<= 1.53f
MitsubishielectricRt Toolbox2<= 3.73b
MitsubishielectricRt Toolbox3<= 1.82l
MitsubishielectricSetting\/Monitoring Tools For The C Controller ModuleAll versions
MitsubishielectricSlmp Data Collector<= 1.04e
MitsubishielectricGt Designer3<= 1.241b
MitsubishielectricNetwork Interface Board Cc-Link Ver.2 Utility FirmwareAll versions
MitsubishielectricNetwork Interface Board Cc Ie Control Utility FirmwareAll versions
MitsubishielectricNetwork Interface Board Cc Ie Field Utility FirmwareAll versions
MitsubishielectricNetwork Interface Board Mneth Utility FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-14521?
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
How severe is CVE-2020-14521?
CVE-2020-14521 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.22% probability of exploitation in the next 30 days.
How do I fix CVE-2020-14521?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-14521?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST