CVE-2020-14496

Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues

Description

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

Category

8.3
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.11%
Third-Party Advisory cisa.gov
Affected: Mitsubishi Electric CPU Module Logging Configuration Tool
Affected: Mitsubishi Electric CW Configurator
Affected: Mitsubishi Electric Data Transfer
Affected: Mitsubishi Electric EZSocket
Affected: Mitsubishi Electric FR Configurator2
Affected: Mitsubishi Electric GT Designer3 Version1 (GOT2000)
Affected: Mitsubishi Electric GT SoftGOT1000 Version3
Affected: Mitsubishi Electric GT SoftGOT1000 Version3
Affected: Mitsubishi Electric GT SoftGOT2000 Version1
Affected: Mitsubishi Electric GX LogViewer
Affected: Mitsubishi Electric GX Works2
Affected: Mitsubishi Electric GX Works3
Affected: Mitsubishi Electric M_CommDTM-HART
Affected: Mitsubishi Electric M_CommDTM-IO-Link
Affected: Mitsubishi Electric MELFA-Works
Affected: Mitsubishi Electric MELSEC WinCPU Setting Utility
Affected: Mitsubishi Electric MELSOFT EM Software Development Kit (EM Configurator)
Affected: Mitsubishi Electric MELSOFT FieldDeviceConfigurator
Affected: Mitsubishi Electric MELSOFT Navigator
Affected: Mitsubishi Electric MH11 SettingTool Version2
Affected: Mitsubishi Electric MI Configurator
Affected: Mitsubishi Electric Motorizer
Affected: Mitsubishi Electric MR Configurator2
Affected: Mitsubishi Electric MT Works2
Affected: Mitsubishi Electric MX Component
Affected: Mitsubishi Electric Network Interface Board CC IE Control utility
Affected: Mitsubishi Electric Network Interface Board CC IE Field Utility
Affected: Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility
Affected: Mitsubishi Electric Network Interface Board MNETH utility
Affected: Mitsubishi Electric PX Developer
Affected: Mitsubishi Electric RT ToolBox2
Affected: Mitsubishi Electric RT ToolBox3
Affected: Mitsubishi Electric Setting/monitoring tools for the C Controller module
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2020-14496?
CVE-2020-14496 has been scored as a high severity vulnerability.
How to fix CVE-2020-14496?
To fix CVE-2020-14496, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-14496 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-14496 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-14496?
CVE-2020-14496 affects Mitsubishi Electric CPU Module Logging Configuration Tool, Mitsubishi Electric CW Configurator, Mitsubishi Electric Data Transfer, Mitsubishi Electric EZSocket, Mitsubishi Electric FR Configurator2, Mitsubishi Electric GT Designer3 Version1 (GOT2000), Mitsubishi Electric GT SoftGOT1000 Version3, Mitsubishi Electric GT SoftGOT1000 Version3, Mitsubishi Electric GT SoftGOT2000 Version1, Mitsubishi Electric GX LogViewer, Mitsubishi Electric GX Works2, Mitsubishi Electric GX Works3, Mitsubishi Electric M_CommDTM-HART, Mitsubishi Electric M_CommDTM-IO-Link, Mitsubishi Electric MELFA-Works, Mitsubishi Electric MELSEC WinCPU Setting Utility, Mitsubishi Electric MELSOFT EM Software Development Kit (EM Configurator), Mitsubishi Electric MELSOFT FieldDeviceConfigurator, Mitsubishi Electric MELSOFT Navigator, Mitsubishi Electric MH11 SettingTool Version2, Mitsubishi Electric MI Configurator, Mitsubishi Electric Motorizer, Mitsubishi Electric MR Configurator2, Mitsubishi Electric MT Works2, Mitsubishi Electric MX Component, Mitsubishi Electric Network Interface Board CC IE Control utility, Mitsubishi Electric Network Interface Board CC IE Field Utility, Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility, Mitsubishi Electric Network Interface Board MNETH utility, Mitsubishi Electric PX Developer, Mitsubishi Electric RT ToolBox2, Mitsubishi Electric RT ToolBox3, Mitsubishi Electric Setting/monitoring tools for the C Controller module.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.