CVE-2020-14521

high-risk

Published 2022-02-11

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Do I need to act?

0.24% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.3/10 High

NETWORK / HIGH complexity

Affected Products (20)

C Controller Interface Module Utility

C Controller Module Setting And Monitoring Tool

Cc-Link Ie Control Network Data Collector

Cc-Link Ie Field Network Data Collector

Cc-Link Ie Tsn Data Collector

Cpu Module Logging Configuration Tool

Cw Configurator

Data Transfer

Ezsocket

Fr Configurator Sw3

Fr Configurator2

Gt Designer2 Classic

Gt Softgot1000

Gt Softgot2000

Gx Developer

Gx Logviewer

Gx Works2

Gx Works3

M Commdtm-Io-Link

Melfa-Works

Affected Vendors

Mitsubishielectric

References (4)

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04

Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04

Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf

/ 100

high-risk

Severity 25/34 · High

Exploitability 1/34 · Minimal

Exposure 25/34 · High