CVE-2020-5602
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Versiones 1.94Y y anteriores, Configurador CW Versiones 1.010L y anteriores, EM Software Development Kit (Configurador EM) Versiones 1.010L y anteriores, GT Designer3 (GOT2000) Versiones 1.221 F y anteriores, GX LogViewer Versiones 1.96A y anteriores, GX Works2 Versiones 1.586L y anteriores, GX Works3 Versiones 1.058L y anteriores, M_CommDTM-HART Versiones 1.00A, M_CommDTM-IO-Link Versiones 1.02C y anteriores , MELFA-Works Versiones 4.3 y anteriores, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Versiones 1.004E y anteriores, MELSOFT FieldDeviceConfigurator Versiones 1.03D y anteriores, MELSOFT iQ AppPortal Versiones 1.11M y anteriores, MELSOFT Navigator Versiones 2.58L y anteriores, MI Configurator Versiones 1.003D y anteriores, Motion Control Setting Versiones 1.005F y anteriores, MR Configurator2 Versiones 1.72A y anteriores, MT Works2 Versiones 1.156N y anteriores, RT ToolBox2 Versiones 3.72A y anteriores, y RT ToolBox3 Versiones 1.50C y anteriores, permite a un atacante conducir ataques de tipo XML External Entity (XXE) por medio de vectores no especificados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-06 CVE Reserved
- 2020-06-30 CVE Published
- 2023-03-16 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/vu/JVNVU90307594/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-004_en.pdf | 2020-07-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishielectric Search vendor "Mitsubishielectric" | Cpu Module Logging Configuration Tool Search vendor "Mitsubishielectric" for product "Cpu Module Logging Configuration Tool" | <= 1.94y Search vendor "Mitsubishielectric" for product "Cpu Module Logging Configuration Tool" and version " <= 1.94y" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Cw Configurator Search vendor "Mitsubishielectric" for product "Cw Configurator" | <= 1.010l Search vendor "Mitsubishielectric" for product "Cw Configurator" and version " <= 1.010l" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Em Configurator Search vendor "Mitsubishielectric" for product "Em Configurator" | <= 1.010l Search vendor "Mitsubishielectric" for product "Em Configurator" and version " <= 1.010l" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gt Designer3 Search vendor "Mitsubishielectric" for product "Gt Designer3" | <= 1.221f Search vendor "Mitsubishielectric" for product "Gt Designer3" and version " <= 1.221f" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gx Logviewer Search vendor "Mitsubishielectric" for product "Gx Logviewer" | <= 1.100e Search vendor "Mitsubishielectric" for product "Gx Logviewer" and version " <= 1.100e" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gx Works2 Search vendor "Mitsubishielectric" for product "Gx Works2" | <= 1.590q Search vendor "Mitsubishielectric" for product "Gx Works2" and version " <= 1.590q" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3" | <= 1.060n Search vendor "Mitsubishielectric" for product "Gx Works3" and version " <= 1.060n" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | M Commdtm-hart Search vendor "Mitsubishielectric" for product "M Commdtm-hart" | <= 1.01b Search vendor "Mitsubishielectric" for product "M Commdtm-hart" and version " <= 1.01b" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | M Commdtm-io-link Search vendor "Mitsubishielectric" for product "M Commdtm-io-link" | <= 1.03d Search vendor "Mitsubishielectric" for product "M Commdtm-io-link" and version " <= 1.03d" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melfa-works Search vendor "Mitsubishielectric" for product "Melfa-works" | <= 4.4 Search vendor "Mitsubishielectric" for product "Melfa-works" and version " <= 4.4" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsec-l Flexible High-speed I\/o Control Module Configuration Tool Search vendor "Mitsubishielectric" for product "Melsec-l Flexible High-speed I\/o Control Module Configuration Tool" | <= 1.005f Search vendor "Mitsubishielectric" for product "Melsec-l Flexible High-speed I\/o Control Module Configuration Tool" and version " <= 1.005f" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Fielddeviceconfigurator Search vendor "Mitsubishielectric" for product "Melsoft Fielddeviceconfigurator" | <= 1.04e Search vendor "Mitsubishielectric" for product "Melsoft Fielddeviceconfigurator" and version " <= 1.04e" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Iq Appportal Search vendor "Mitsubishielectric" for product "Melsoft Iq Appportal" | <= 1.14q Search vendor "Mitsubishielectric" for product "Melsoft Iq Appportal" and version " <= 1.14q" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Navigator Search vendor "Mitsubishielectric" for product "Melsoft Navigator" | <= 2.62q Search vendor "Mitsubishielectric" for product "Melsoft Navigator" and version " <= 2.62q" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mi Configurator Search vendor "Mitsubishielectric" for product "Mi Configurator" | <= 1.004e Search vendor "Mitsubishielectric" for product "Mi Configurator" and version " <= 1.004e" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Motion Control Setting Search vendor "Mitsubishielectric" for product "Motion Control Setting" | <= 1.006g Search vendor "Mitsubishielectric" for product "Motion Control Setting" and version " <= 1.006g" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mr Configurator2 Search vendor "Mitsubishielectric" for product "Mr Configurator2" | <= 1.100e Search vendor "Mitsubishielectric" for product "Mr Configurator2" and version " <= 1.100e" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mt Works2 Search vendor "Mitsubishielectric" for product "Mt Works2" | <= 1.160s Search vendor "Mitsubishielectric" for product "Mt Works2" and version " <= 1.160s" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rt Toolbox2 Search vendor "Mitsubishielectric" for product "Rt Toolbox2" | <= 3.73b Search vendor "Mitsubishielectric" for product "Rt Toolbox2" and version " <= 3.73b" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Rt Toolbox3 Search vendor "Mitsubishielectric" for product "Rt Toolbox3" | <= 1.60n Search vendor "Mitsubishielectric" for product "Rt Toolbox3" and version " <= 1.60n" | - |
Affected
| ||||||