CVE-2020-14521

Published: Feb 11, 2022

Modified: Apr 16, 2025

PUBLISHED

CVSS v3.1

8.3

HIGH

Description

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Vendor	Product	Versions
Mitsubishi Electric	C Controller Interface Module Utility	affected `unspecified - <= Version 2.00`
Mitsubishi Electric	CC-Link IE Control Network Data Collector	affected `Version 1.00A`
Mitsubishi Electric	CC-Link IE Field Network Data Collector	affected `Version 1.00A`
Mitsubishi Electric	CC-Link IE TSN Data Collector	affected `Version 1.00A`
Mitsubishi Electric	CPU Module Logging Configuration Tool	affected `unspecified - <= Version 1.100E`
Mitsubishi Electric	CW Configurator	affected `unspecified - <= Version 1.010L`
Mitsubishi Electric	Data Transfer	affected `unspecified - <= Version 3.42U`
Mitsubishi Electric	EZSocket	affected `unspecified - <= Version 5.1`
Mitsubishi Electric	FR Configurator SW3	affected `All Versions`
Mitsubishi Electric	FR Configurator2	affected `unspecified - <= Version 1.26C`
Mitsubishi Electric	GT Designer2 Classic	affected `All Versions`
Mitsubishi Electric	GT Designer3 Version1 (GOT1000)	affected `unspecified - <= Version 1.241B`
Mitsubishi Electric	GT Designer3 Version1 (GOT2000)	affected `unspecified - <= Version 1.241B`
Mitsubishi Electric	GT SoftGOT1000 Version3	affected `unspecified - <= Version 3.200J`
Mitsubishi Electric	GT SoftGOT2000 Version1	affected `unspecified - <= Version 1.241B`
Mitsubishi Electric	GX Developer	affected `unspecified - <= Version 8.504A`
Mitsubishi Electric	GX LogViewer	affected `unspecified - <= Version 1.100E`
Mitsubishi Electric	GX Works2	affected `unspecified - <= Version 1.601B`
Mitsubishi Electric	GX Works3	affected `unspecified - <= Version 1.063R`
Mitsubishi Electric	M_CommDTM-IO-Link	affected `unspecified - <= Version 1.03D`
Mitsubishi Electric	MELFA-Works	affected `unspecified - <= Version 4.4`
Mitsubishi Electric	MELSEC WinCPU Setting Utility	affected `All Versions`
Mitsubishi Electric	MELSOFT Complete Clean Up Tool	affected `unspecified - <= Version 1.06G`
Mitsubishi Electric	MELSOFT EM Software Development Kit	affected `unspecified - <= Version 1.015R`
Mitsubishi Electric	MELSOFT iQ AppPortal	affected `unspecified - <= Version 1.17T`
Mitsubishi Electric	MELSOFT Navigator	affected `unspecified - <= Version 2.74C`
Mitsubishi Electric	MI Configurator	affected `unspecified - <= Version 1.004E`
Mitsubishi Electric	Motion Control Setting	affected `unspecified - <= Version 1.005F`
Mitsubishi Electric	Motorizer	affected `unspecified - <= Version 1.005F`
Mitsubishi Electric	MR Configurator2	affected `unspecified - <= Version 1.125F`
Mitsubishi Electric	MT Works2	affected `unspecified - <= Version 1.167Z`
Mitsubishi Electric	MTConnect Data Collector	affected `unspecified - <= Version 1.1.4.0`
Mitsubishi Electric	MX Component	affected `unspecified - <= Version 4.20W`
Mitsubishi Electric	MX MESInterface	affected `unspecified - <= Version 1.21X`
Mitsubishi Electric	MX MESInterface-R	affected `unspecified - <= Version 1.12N`
Mitsubishi Electric	MX Sheet	affected `unspecified - <= Version 2.15R`
Mitsubishi Electric	Network Interface Board CC IE Control Utility	affected `unspecified - <= Version 1.29F`
Mitsubishi Electric	Network Interface Board CC IE Field Utility	affected `unspecified - <= Versions 1.16S`
Mitsubishi Electric	Network Interface Board CC-Link Ver.2 Utility	affected `unspecified - <= Version 1.23Z`
Mitsubishi Electric	Network Interface Board MNETH Utility	affected `unspecified - <= Version 34L`
Mitsubishi Electric	Position Board utility 2	affected `unspecified - <= Version 3.20`
Mitsubishi Electric	PX Developer	affected `unspecified - <= Version 1.53F`
Mitsubishi Electric	RT ToolBox2	affected `unspecified - <= Version 3.73B`
Mitsubishi Electric	RT ToolBox3	affected `unspecified - <= Version 1.82L`
Mitsubishi Electric	Setting/Monitoring tools for the C Controller module	affected `unspecified - <= SW3PVC-CCPU Version 3.13P` affected `unspecified - <= SW4PVC-CCPU Version 4.12N`
Mitsubishi Electric	SLMP Data Collector	affected `unspecified - <= Version 1.04E`

Weaknesses (CWE)

CWE-428

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04

government-resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14521

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References