Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01264.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Mitsubishi Electric CW Configurator affected
Version Status Constraints
unspecified affected ≤ Version 1.010L
Mitsubishi Electric FR Configurator2 affected
Version Status Constraints
unspecified affected ≤ Version 1.22Y
Mitsubishi Electric GX Works2 affected
Version Status Constraints
unspecified affected ≤ Version 1.595V
Mitsubishi Electric GX Works3 affected
Version Status Constraints
unspecified affected ≤ Version 1.063R
Mitsubishi Electric MELSOFT iQ AppPortal affected
Version Status Constraints
unspecified affected ≤ Version 1.17T
Mitsubishi Electric MELSOFT Navigator affected
Version Status Constraints
unspecified affected ≤ Version2.70Y
Mitsubishi Electric MI Configurator affected
Version Status Constraints
All Versions affected
Mitsubishi Electric MR Configurator2 affected
Version Status Constraints
unspecified affected ≤ Version 1.110Q
Mitsubishi Electric MT Works2 affected
Version Status Constraints
unspecified affected ≤ Versions 1.156N
Mitsubishi Electric MX Component affected
Version Status Constraints
unspecified affected ≤ Version 4.20W
Mitsubishi Electric RT ToolBox3 affected
Version Status Constraints
unspecified affected ≤ Versions 1.70Y
Mitsubishi Electric MELSEC iQ-R Series Motion Module affected
Version Status Constraints
unspecified affected ≤ Versions 10

Configuration 1 [-]

OR cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:iu_configuration_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:iu_developer2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mi_configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mr_configurator2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:rt_toolbox3:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Mitsubishielectric Subscribe
Cw Configurator Subscribe
Fr Configurator2 Subscribe
Gx Works2 Subscribe
Gx Works3 Subscribe
Iu Configuration Tool Subscribe
Iu Developer2 Subscribe
Melsoft Iq Appportal Subscribe
Melsoft Navigator Subscribe
Mi Configurator Subscribe
Mr Configurator2 Subscribe
Mt Works2 Subscribe
Mx Component Subscribe
Rd78g16 Subscribe
Rd78g16 Firmware Subscribe
Rd78g32 Subscribe
Rd78g32 Firmware Subscribe
Rd78g4 Subscribe
Rd78g4 Firmware Subscribe
Rd78g64 Subscribe
Rd78g64 Firmware Subscribe
Rd78g8 Subscribe
Rd78g8 Firmware Subscribe
Rd78ghv Subscribe
Rd78ghv Firmware Subscribe
Rd78ghw Subscribe
Rd78ghw Firmware Subscribe
Rt Toolbox3 Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2020-6659 Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://jvn.jp/vu/JVNVU90224831/ cve-icon cve-icon
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03 cve-icon cve-icon
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf cve-icon cve-icon
History

Wed, 16 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-04-16T18:01:22.616Z

Reserved: 2020-06-19T00:00:00.000Z

Link: CVE-2020-14523

cve-icon Vulnrichment

Updated: 2024-08-04T12:46:34.640Z

cve-icon NVD

Status : Modified

Published: 2022-02-11T18:15:08.577

Modified: 2024-11-21T05:03:27.300

Link: CVE-2020-14523

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses