CVE-2020-14523
Mitsubishi Electric Factory Automation Products Path Traversal
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
diversos productos de Mitsubishi Electric Factory Automation presentan una vulnerabilidad que permite a un atacante ejecutar código arbitrario
*Credits:
Mashav Sapir of Claroty reported this vulnerability to CISA
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-19 CVE Reserved
- 2022-02-11 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU90224831 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03 | 2022-03-01 |
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf | 2022-03-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g4 Firmware Search vendor "Mitsubishielectric" for product "Rd78g4 Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78g4 Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g4 Search vendor "Mitsubishielectric" for product "Rd78g4" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g8 Firmware Search vendor "Mitsubishielectric" for product "Rd78g8 Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78g8 Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g8 Search vendor "Mitsubishielectric" for product "Rd78g8" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g16 Firmware Search vendor "Mitsubishielectric" for product "Rd78g16 Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78g16 Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g16 Search vendor "Mitsubishielectric" for product "Rd78g16" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g32 Firmware Search vendor "Mitsubishielectric" for product "Rd78g32 Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78g32 Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g32 Search vendor "Mitsubishielectric" for product "Rd78g32" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g64 Firmware Search vendor "Mitsubishielectric" for product "Rd78g64 Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78g64 Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78g64 Search vendor "Mitsubishielectric" for product "Rd78g64" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78ghv Firmware Search vendor "Mitsubishielectric" for product "Rd78ghv Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78ghv Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78ghv Search vendor "Mitsubishielectric" for product "Rd78ghv" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78ghw Firmware Search vendor "Mitsubishielectric" for product "Rd78ghw Firmware" | <= 10 Search vendor "Mitsubishielectric" for product "Rd78ghw Firmware" and version " <= 10" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Rd78ghw Search vendor "Mitsubishielectric" for product "Rd78ghw" | - | - |
Safe
|
| Mitsubishielectric Search vendor "Mitsubishielectric" | Cw Configurator Search vendor "Mitsubishielectric" for product "Cw Configurator" | <= 1.010l Search vendor "Mitsubishielectric" for product "Cw Configurator" and version " <= 1.010l" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Fr Configurator2 Search vendor "Mitsubishielectric" for product "Fr Configurator2" | <= 1.22y Search vendor "Mitsubishielectric" for product "Fr Configurator2" and version " <= 1.22y" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gx Works2 Search vendor "Mitsubishielectric" for product "Gx Works2" | <= 1.595v Search vendor "Mitsubishielectric" for product "Gx Works2" and version " <= 1.595v" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3" | <= 1.063r Search vendor "Mitsubishielectric" for product "Gx Works3" and version " <= 1.063r" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Iu Configuration Tool Search vendor "Mitsubishielectric" for product "Iu Configuration Tool" | <= 1.04 Search vendor "Mitsubishielectric" for product "Iu Configuration Tool" and version " <= 1.04" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Iu Developer2 Search vendor "Mitsubishielectric" for product "Iu Developer2" | <= 1.08 Search vendor "Mitsubishielectric" for product "Iu Developer2" and version " <= 1.08" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Iq Appportal Search vendor "Mitsubishielectric" for product "Melsoft Iq Appportal" | <= 1.17t Search vendor "Mitsubishielectric" for product "Melsoft Iq Appportal" and version " <= 1.17t" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Navigator Search vendor "Mitsubishielectric" for product "Melsoft Navigator" | <= 2.70y Search vendor "Mitsubishielectric" for product "Melsoft Navigator" and version " <= 2.70y" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mi Configurator Search vendor "Mitsubishielectric" for product "Mi Configurator" | * | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mr Configurator2 Search vendor "Mitsubishielectric" for product "Mr Configurator2" | <= 1.110q Search vendor "Mitsubishielectric" for product "Mr Configurator2" and version " <= 1.110q" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mt Works2 Search vendor "Mitsubishielectric" for product "Mt Works2" | <= 1.156n Search vendor "Mitsubishielectric" for product "Mt Works2" and version " <= 1.156n" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mx Component Search vendor "Mitsubishielectric" for product "Mx Component" | <= 4.20w Search vendor "Mitsubishielectric" for product "Mx Component" and version " <= 4.20w" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rt Toolbox3 Search vendor "Mitsubishielectric" for product "Rt Toolbox3" | <= 1.70y Search vendor "Mitsubishielectric" for product "Rt Toolbox3" and version " <= 1.70y" | - |
Affected
| ||||||