CVE-2020-14496
moderate-risk
Published 2022-05-19
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.3/10
High
NETWORK
/ HIGH complexity
Affected Products (20)
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
Em Configurator
Fr Configurator2
Gt Designer3
Gt Softgot1000
Gx Logviewer
M Commdtm-Hart
M Commdtm-Io-Link
Melfa-Works
Melsoft Fielddeviceconfigurator
Melsoft Navigator
Motorizer
Mr Configurator2
Affected Vendors
References (2)
Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02
Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02
48
/ 100
moderate-risk
Severity
25/34 · High
Exploitability
1/34 · Minimal
Exposure
22/34 · High