{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "C Controller Interface Module Utility", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 2.00", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CC-Link IE Control Network Data Collector", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "Version 1.00A"}]}, {"defaultStatus": "unaffected", "product": "CC-Link IE Field Network Data Collector", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "Version 1.00A"}]}, {"defaultStatus": "unaffected", "product": "CC-Link IE TSN Data Collector", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "Version 1.00A"}]}, {"defaultStatus": "unaffected", "product": "CPU Module Logging Configuration Tool", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.100E", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CW Configurator", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.010L", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Data Transfer", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 3.42U", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EZSocket", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 5.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "FR Configurator SW3", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "FR Configurator2", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.26C", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GT Designer2 Classic", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "GT Designer3 Version1 (GOT1000)", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.241B", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GT Designer3 Version1 (GOT2000)", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.241B", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GT SoftGOT1000 Version3", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 3.200J", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GT SoftGOT2000 Version1", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.241B", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GX Developer", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 8.504A", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GX LogViewer", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.100E", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GX Works2", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.601B", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GX Works3", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.063R", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M_CommDTM-IO-Link", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.03D", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MELFA-Works", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 4.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MELSEC WinCPU Setting Utility", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT Complete Clean Up Tool", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.06G", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT EM Software Development Kit", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.015R", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT iQ AppPortal", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.17T", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MELSOFT Navigator", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 2.74C", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MI Configurator", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.004E", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Motion Control Setting", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.005F", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Motorizer", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.005F", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MR Configurator2", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.125F", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MT Works2", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.167Z", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MTConnect Data Collector", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.1.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MX Component", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 4.20W", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MX MESInterface", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.21X", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MX MESInterface-R", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.12N", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MX Sheet", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 2.15R", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Network Interface Board CC IE Control Utility", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.29F", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Network Interface Board CC IE Field Utility", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Versions 1.16S", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Network Interface Board CC-Link Ver.2 Utility", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.23Z", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Network Interface Board MNETH Utility", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 34L", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Position Board utility 2", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 3.20", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "PX Developer", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.53F", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RT ToolBox2", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 3.73B", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RT ToolBox3", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.82L", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Setting/Monitoring tools for the C Controller module", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "SW3PVC-CCPU Version 3.13P", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "SW4PVC-CCPU Version 4.12N", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SLMP Data Collector", "vendor": "Mitsubishi Electric", "versions": [{"lessThanOrEqual": "Version 1.04E", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"}], "datePublic": "2020-07-30T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.\n\n<p></p>"}], "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-03-07T21:29:25.280Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"}, {"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"}], "source": {"advisory": "ICSA-20-212-04", "discovery": "UNKNOWN"}, "title": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-30T16:50:00.000Z", "ID": "CVE-2020-14521", "STATE": "PUBLIC", "TITLE": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "C Controller Interface Module Utility", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "C Controller Module Setting and Monitoring Tool", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "CC-Link IE Control Network Data Collector", "version": {"version_data": [{"version_affected": "=", "version_value": "Version 1.00A"}]}}, {"product_name": "CC-Link IE Field Network Data Collector", "version": {"version_data": [{"version_affected": "=", "version_value": "Version 1.00A"}]}}, {"product_name": "CC-Link IE TSN Data Collector", "version": {"version_data": [{"version_affected": "=", "version_value": "Version 1.00A"}]}}, {"product_name": "CPU Module Logging Configuration Tool", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.100E"}]}}, {"product_name": "CW Configurator", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.010L"}]}}, {"product_name": "Data Transfer", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 3.42U and prior"}]}}, {"product_name": "EZSocket", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 5.1"}]}}, {"product_name": "FR Configurator SW3", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "FR Configurator2", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "GT Designer2 Classic", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "GT Designer3 Version1 (GOT1000)", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.241B"}]}}, {"product_name": "GT Designer3 Version1 (GOT2000)", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.241B"}]}}, {"product_name": "GT SoftGOT1000 Version3", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 3.200J"}]}}, {"product_name": "GT SoftGOT2000 Version1", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.241B"}]}}, {"product_name": "GX Developer", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 8.504A"}]}}, {"product_name": "GX LogViewer", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.100E"}]}}, {"product_name": "GX Works2", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.601B"}]}}, {"product_name": "GX Works3", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.063R"}]}}, {"product_name": "M_CommDTM-IO-Link", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "MELFA-Works", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 4.4"}]}}, {"product_name": "MELSEC WinCPU Setting Utility", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "MELSOFT Complete Clean Up Tool", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.06G"}]}}, {"product_name": "MELSOFT EM Software Development Kit", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "MELSOFT iQ AppPortal", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.17T"}]}}, {"product_name": "MELSOFT Navigator", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 2.74C"}]}}, {"product_name": "MI Configurator", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "Motion Control Setting", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.005F"}]}}, {"product_name": "Motorizer", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.005F"}]}}, {"product_name": "MR Configurator2", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.125F"}]}}, {"product_name": "MT Works2", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.167Z"}]}}, {"product_name": "MTConnect Data Collector", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.1.4.0"}]}}, {"product_name": "MX Component", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 4.20W"}]}}, {"product_name": "MX MESInterface", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.21X"}]}}, {"product_name": "MX MESInterface-R", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.12N"}]}}, {"product_name": "MX Sheet", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 2.15R"}]}}, {"product_name": "Network Interface Board CC IE Control Utility", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "Network Interface Board CC IE Field Utility", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "Network Interface Board CC-Link Ver.2 Utility", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "Network Interface Board MNETH Utility", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "Position Board utility 2", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "PX Developer", "version": {"version_data": [{"version_affected": "<=", "version_value": "version 1.53F"}]}}, {"product_name": "RT ToolBox2", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 3.73B"}]}}, {"product_name": "RT ToolBox3", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.82L"}]}}, {"product_name": "Setting/monitoring tools for the C Controller module", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "SLMP Data Collector", "version": {"version_data": [{"version_affected": "<=", "version_value": "Version 1.04E"}]}}]}, "vendor_name": "Mitsubishi Electric"}]}}, "credit": [{"lang": "eng", "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-428 Unquoted Search Path or Element"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"}, {"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf", "refsource": "MISC", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"}]}, "solution": [{"lang": "en"}], "source": {"advisory": "ICSA-20-212-04", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.835Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T17:31:29.570752Z", "id": "CVE-2020-14521", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T18:01:31.445Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14521", "datePublished": "2022-02-11T17:40:28.403Z", "dateReserved": "2020-06-19T00:00:00.000Z", "dateUpdated": "2025-04-16T18:01:31.445Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.835Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-14521", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T17:31:29.570752Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T17:31:31.459Z"}}], "cna": {"title": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element", "source": {"advisory": "ICSA-20-212-04", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric", "product": "C Controller Interface Module Utility", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 2.00"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "CC-Link IE Control Network Data Collector", "versions": [{"status": "affected", "version": "Version 1.00A"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "CC-Link IE Field Network Data Collector", "versions": [{"status": "affected", "version": "Version 1.00A"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "CC-Link IE TSN Data Collector", "versions": [{"status": "affected", "version": "Version 1.00A"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "CPU Module Logging Configuration Tool", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.100E"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "CW Configurator", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.010L"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Data Transfer", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 3.42U"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "EZSocket", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 5.1"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "FR Configurator SW3", "versions": [{"status": "affected", "version": "All Versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "FR Configurator2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.26C"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GT Designer2 Classic", "versions": [{"status": "affected", "version": "All Versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GT Designer3 Version1 (GOT1000)", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.241B"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GT Designer3 Version1 (GOT2000)", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.241B"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GT SoftGOT1000 Version3", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 3.200J"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GT SoftGOT2000 Version1", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.241B"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GX Developer", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 8.504A"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GX LogViewer", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.100E"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GX Works2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.601B"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "GX Works3", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.063R"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "M_CommDTM-IO-Link", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.03D"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MELFA-Works", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 4.4"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MELSEC WinCPU Setting Utility", "versions": [{"status": "affected", "version": "All Versions"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MELSOFT Complete Clean Up Tool", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.06G"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MELSOFT EM Software Development Kit", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.015R"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MELSOFT iQ AppPortal", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.17T"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MELSOFT Navigator", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 2.74C"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MI Configurator", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.004E"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Motion Control Setting", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.005F"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Motorizer", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.005F"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MR Configurator2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.125F"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MT Works2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.167Z"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MTConnect Data Collector", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.1.4.0"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MX Component", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 4.20W"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MX MESInterface", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.21X"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MX MESInterface-R", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.12N"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "MX Sheet", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 2.15R"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Network Interface Board CC IE Control Utility", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.29F"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Network Interface Board CC IE Field Utility", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Versions 1.16S"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Network Interface Board CC-Link Ver.2 Utility", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.23Z"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Network Interface Board MNETH Utility", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 34L"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Position Board utility 2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 3.20"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "PX Developer", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.53F"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "RT ToolBox2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 3.73B"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "RT ToolBox3", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.82L"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "Setting/Monitoring tools for the C Controller module", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "SW3PVC-CCPU Version 3.13P"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "SW4PVC-CCPU Version 4.12N"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric", "product": "SLMP Data Collector", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "Version 1.04E"}], "defaultStatus": "unaffected"}], "datePublic": "2020-07-30T06:00:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04", "tags": ["government-resource"]}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.", "supportingMedia": [{"type": "text/html", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.\n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-03-07T21:29:25.280Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Mashav Sapir of Claroty reported this vulnerability to CISA"}], "impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "ICSA-20-212-04", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "C Controller Interface Module Utility"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "C Controller Module Setting and Monitoring Tool"}, {"version": {"version_data": [{"version_value": "Version 1.00A", "version_affected": "="}]}, "product_name": "CC-Link IE Control Network Data Collector"}, {"version": {"version_data": [{"version_value": "Version 1.00A", "version_affected": "="}]}, "product_name": "CC-Link IE Field Network Data Collector"}, {"version": {"version_data": [{"version_value": "Version 1.00A", "version_affected": "="}]}, "product_name": "CC-Link IE TSN Data Collector"}, {"version": {"version_data": [{"version_value": "Version 1.100E", "version_affected": "<="}]}, "product_name": "CPU Module Logging Configuration Tool"}, {"version": {"version_data": [{"version_value": "Version 1.010L", "version_affected": "<="}]}, "product_name": "CW Configurator"}, {"version": {"version_data": [{"version_value": "Version 3.42U and prior", "version_affected": "<="}]}, "product_name": "Data Transfer"}, {"version": {"version_data": [{"version_value": "Version 5.1", "version_affected": "<="}]}, "product_name": "EZSocket"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "FR Configurator SW3"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "FR Configurator2"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "GT Designer2 Classic"}, {"version": {"version_data": [{"version_value": "Version 1.241B", "version_affected": "<="}]}, "product_name": "GT Designer3 Version1 (GOT1000)"}, {"version": {"version_data": [{"version_value": "Version 1.241B", "version_affected": "<="}]}, "product_name": "GT Designer3 Version1 (GOT2000)"}, {"version": {"version_data": [{"version_value": "Version 3.200J", "version_affected": "<="}]}, "product_name": "GT SoftGOT1000 Version3"}, {"version": {"version_data": [{"version_value": "Version 1.241B", "version_affected": "<="}]}, "product_name": "GT SoftGOT2000 Version1"}, {"version": {"version_data": [{"version_value": "Version 8.504A", "version_affected": "<="}]}, "product_name": "GX Developer"}, {"version": {"version_data": [{"version_value": "Version 1.100E", "version_affected": "<="}]}, "product_name": "GX LogViewer"}, {"version": {"version_data": [{"version_value": "Version 1.601B", "version_affected": "<="}]}, "product_name": "GX Works2"}, {"version": {"version_data": [{"version_value": "Version 1.063R", "version_affected": "<="}]}, "product_name": "GX Works3"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "M_CommDTM-IO-Link"}, {"version": {"version_data": [{"version_value": "Version 4.4", "version_affected": "<="}]}, "product_name": "MELFA-Works"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "MELSEC WinCPU Setting Utility"}, {"version": {"version_data": [{"version_value": "Version 1.06G", "version_affected": "<="}]}, "product_name": "MELSOFT Complete Clean Up Tool"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "MELSOFT EM Software Development Kit"}, {"version": {"version_data": [{"version_value": "Version 1.17T", "version_affected": "<="}]}, "product_name": "MELSOFT iQ AppPortal"}, {"version": {"version_data": [{"version_value": "Version 2.74C", "version_affected": "<="}]}, "product_name": "MELSOFT Navigator"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "MI Configurator"}, {"version": {"version_data": [{"version_value": "Version 1.005F", "version_affected": "<="}]}, "product_name": "Motion Control Setting"}, {"version": {"version_data": [{"version_value": "Version 1.005F", "version_affected": "<="}]}, "product_name": "Motorizer"}, {"version": {"version_data": [{"version_value": "Version 1.125F", "version_affected": "<="}]}, "product_name": "MR Configurator2"}, {"version": {"version_data": [{"version_value": "Version 1.167Z", "version_affected": "<="}]}, "product_name": "MT Works2"}, {"version": {"version_data": [{"version_value": "Version 1.1.4.0", "version_affected": "<="}]}, "product_name": "MTConnect Data Collector"}, {"version": {"version_data": [{"version_value": "Version 4.20W", "version_affected": "<="}]}, "product_name": "MX Component"}, {"version": {"version_data": [{"version_value": "Version 1.21X", "version_affected": "<="}]}, "product_name": "MX MESInterface"}, {"version": {"version_data": [{"version_value": "Version 1.12N", "version_affected": "<="}]}, "product_name": "MX MESInterface-R"}, {"version": {"version_data": [{"version_value": "Version 2.15R", "version_affected": "<="}]}, "product_name": "MX Sheet"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "Network Interface Board CC IE Control Utility"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "Network Interface Board CC IE Field Utility"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "Network Interface Board CC-Link Ver.2 Utility"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "Network Interface Board MNETH Utility"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "Position Board utility 2"}, {"version": {"version_data": [{"version_value": "version 1.53F", "version_affected": "<="}]}, "product_name": "PX Developer"}, {"version": {"version_data": [{"version_value": "Version 3.73B", "version_affected": "<="}]}, "product_name": "RT ToolBox2"}, {"version": {"version_data": [{"version_value": "Version 1.82L", "version_affected": "<="}]}, "product_name": "RT ToolBox3"}, {"version": {"version_data": [{"version_value": "All Versions", "version_affected": "="}]}, "product_name": "Setting/monitoring tools for the C Controller module"}, {"version": {"version_data": [{"version_value": "Version 1.04E", "version_affected": "<="}]}, "product_name": "SLMP Data Collector"}]}, "vendor_name": "Mitsubishi Electric"}]}}, "solution": [{"lang": "en"}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04", "refsource": "MISC"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf", "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-428 Unquoted Search Path or Element"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-14521", "STATE": "PUBLIC", "TITLE": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-30T16:50:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2020-14521", "state": "PUBLISHED", "dateUpdated": "2025-04-16T18:01:31.445Z", "dateReserved": "2020-06-19T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-02-11T17:40:28.403Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:c_controller_interface_module_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "23DA824B-6169-477E-ABE6-251673287DBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:c_controller_module_setting_and_monitoring_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DB4A4DA-DBC0-42A8-B933-933DE45F004D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:cc-link_ie_control_network_data_collector:1.00a:*:*:*:*:*:*:*", "matchCriteriaId": "147760E8-B888-481C-8669-C989B96CD642", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:cc-link_ie_field_network_data_collector:1.00a:*:*:*:*:*:*:*", "matchCriteriaId": "DD410E22-1E58-412B-8A03-2BDE25714E89", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:cc-link_ie_tsn_data_collector:1.00a:*:*:*:*:*:*:*", "matchCriteriaId": "82B337E7-3656-445B-9EA1-FEFC80C37819", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFB022B0-D30E-4EA9-BDB3-BD5784144F45", "versionEndIncluding": "1.100e", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*", "matchCriteriaId": "892E3CDC-AFC4-4EF1-AF46-3F161603DDB1", "versionEndIncluding": "1.010l", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:data_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "45BCA319-1B52-468E-BB59-A2AA2C491361", "versionEndIncluding": "3.42u", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0BF4793-8A65-4CB6-9B62-4388CBD84033", "versionEndIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:*:*:*:*:*:*:*:*", "matchCriteriaId": "D236ABC2-93E4-4428-B949-7E17945E4D98", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED78B28-BBBF-4869-BC1C-F0789867FB4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gt_designer2_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B2B348C-0C2E-43A7-A606-102CB0E08B4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot1000:*:*:*:*:*:*:*:*", "matchCriteriaId": "F21C6BDF-DD7F-4462-9F74-4A91E4BA936C", "versionEndIncluding": "3.200j", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEF6E106-73A6-403B-A731-0372521E412D", "versionEndIncluding": "1.241b", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "5589F3F2-0857-4D95-9F63-EE66452BE566", "versionEndIncluding": "8.504a", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_logviewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "591B76E1-665F-4473-8A65-B8549B61807F", "versionEndIncluding": "1.100e", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E36C451-A531-4EEB-9574-0AC0116D910D", "versionEndIncluding": "1.601b", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE537EF6-72AE-4091-AF6E-9959C3F45632", "versionEndIncluding": "1.063r", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:m_commdtm-io-link:*:*:*:*:*:*:*:*", "matchCriteriaId": "87B55AB8-B00D-4960-9F31-45E1855B109E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:melfa-works:*:*:*:*:*:*:*:*", "matchCriteriaId": "4116C452-19C3-4F48-8A05-864BD884BDD0", "versionEndIncluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsec_wincpu_setting_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C51CF8E-49C1-418C-B410-50B23F9A23D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_complete_clean_up_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6D30BBF-E50B-4C27-9A33-902D05F987AD", "versionEndIncluding": "1.06g", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_em_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "724C0E0B-5658-4040-A925-A07128EAD323", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F2EA556-367B-4F32-99D2-C685742CCAEE", "versionEndIncluding": "1.17t", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DC7353B-EFF7-432D-8F88-0D5EBBBBE4C0", "versionEndIncluding": "2.74c", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*", "matchCriteriaId": "A661B972-912C-4DAA-9518-CC01E0EB1A81", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:motion_control_setting:*:*:*:*:*:*:*:*", "matchCriteriaId": "12866465-10B2-4D45-B693-AE8C0EF34ADF", "versionEndIncluding": "1.005f", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:motorizer:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D82696C-937C-4B49-B748-006A6E836B03", "versionEndIncluding": "1.005f", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEDAE974-4101-4B93-8DB5-8E93882AE3C5", "versionEndIncluding": "1.125f", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*", "matchCriteriaId": "57031F64-353E-403C-B7F8-0A145E70CBE7", "versionEndIncluding": "1.167z", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mtconnect_data_collector:*:*:*:*:*:*:*:*", "matchCriteriaId": "2561FAAC-19E7-48EE-AC80-8F9965EB2B2A", "versionEndIncluding": "1.1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0C9B5B3-D4F6-4E00-89B4-964516BB989B", "versionEndIncluding": "4.20w", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mx_mesinterface:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F84606A-A815-4A4C-9B7A-3A47449044D8", "versionEndIncluding": "1.21x", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mx_mesinterface-r:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3CBAD07-E3E5-45C3-9208-B2F891D879F3", "versionEndIncluding": "1.12n", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:mx_sheet:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA891D85-4E28-4AA6-8393-5EC58C4BD923", "versionEndIncluding": "2.15r", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:position_board_utility_2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4AC335D-3FF8-42A6-9567-023248CF7256", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:px_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "445EF081-A7BB-4568-850F-00CF58060D62", "versionEndIncluding": "1.53f", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox2:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD4EC4A-ACF7-45F2-893D-569B4F8F8909", "versionEndIncluding": "3.73b", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*", "matchCriteriaId": "779B0C13-D3DD-4D27-B18B-C0119B7BC5CB", "versionEndIncluding": "1.82l", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:setting\\/monitoring_tools_for_the_c_controller_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "85CBC7FE-6EF9-4DA5-8128-849233A8DC72", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:slmp_data_collector:*:*:*:*:*:*:*:*", "matchCriteriaId": "8814A8BA-AA54-4270-AAB1-679D0881D715", "versionEndIncluding": "1.04e", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:gt_designer3:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AFD554-F595-4B11-92DC-5655E8203C76", "versionEndIncluding": "1.241b", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt10:-:*:*:*:*:*:*:*", "matchCriteriaId": "70B37C4A-147A-4A7D-8F29-E2C366B54D68", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt11:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AB71211-39CF-4AB7-8D7A-B6FC5C2A9FBC", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt12:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E639243-577F-4787-8724-C1FEC886631D", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt14:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3BD1AB4-3A3D-46CD-B613-3E3613AAA273", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt15:-:*:*:*:*:*:*:*", "matchCriteriaId": "29141984-191A-4A36-996D-9B60830CEA60", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt16:-:*:*:*:*:*:*:*", "matchCriteriaId": "647842FC-AC89-462E-9856-3BB1E469CB52", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt21:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EFBF467-8492-4CFB-8669-424A71B3CBAF", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt23:-:*:*:*:*:*:*:*", "matchCriteriaId": "1379891B-B1EC-433F-918B-8E9A4FBC0352", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt25:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ADE2CDE-AB27-42DD-B4C0-1F4B2F55FE88", "vulnerable": false}, {"criteria": "cpe:2.3:h:mitsubishielectric:got1000_series_gt27:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AD87755-DECB-4007-970F-A082EE983EB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_cc-link_ver.2_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5162D96A-EFDD-4679-B9A1-76CDAF00CA58", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_cc-link_ver.2_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "43223F6D-B64C-49D7-8A04-DDB09B6D698E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_control_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF03D46-5539-432E-B67B-1D4494D3BBD6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_control_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8ABB436-86C7-49BB-B95B-FD61BE60BAD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_cc_ie_field_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "95873A25-2480-45F1-8FE3-D190AE9A824B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_cc_ie_field_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A756E0D-EB80-4601-B07A-4F5ECD8D424F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:network_interface_board_mneth_utility_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64CEB2D6-0113-47E9-A238-373472907CE5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:network_interface_board_mneth_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "03EAB2BF-B0EF-4899-BF6D-3C0975462178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."}, {"lang": "es", "value": "diversos productos de software de ingenier\u00eda de Mitsubishi Electric Factory Automation presentan una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo malicioso. Un atacante malicioso podr\u00eda usar esta vulnerabilidad para obtener informaci\u00f3n, modificar informaci\u00f3n y causar una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2020-14521", "lastModified": "2024-11-21T05:03:26.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-11T18:15:08.513", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}