CVE-2020-14523

moderate-risk
Published 2022-02-11

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.3/10 High
NETWORK / HIGH complexity

Affected Products (20)

Cw Configurator
Fr Configurator2
Iu Configuration Tool
Iu Developer2
Melsoft Iq Appportal
Melsoft Navigator
Mi Configurator
Mr Configurator2
Mt Works2
Mx Component
Rt Toolbox3
Rd78G4 Firmware
Rd78G8 Firmware
Rd78G16 Firmware
Rd78G32 Firmware
Rd78G64 Firmware
Rd78Ghv Firmware
Rd78Ghw Firmware

Affected Vendors

Mitsubishielectric

References (6)

Third Party Advisory https://jvn.jp/vu/JVNVU90224831/
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03
Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf
Third Party Advisory https://jvn.jp/vu/JVNVU90224831/
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03
Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf
49
/ 100
moderate-risk
Severity 25/34 · High
Exploitability 4/34 · Minimal
Exposure 20/34 · Moderate