CVE-2020-14521

Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element

Description

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Categories

8.3
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.15%
Vendor Advisory mitsubishielectric.com
Affected: Mitsubishi Electric C Controller Interface Module Utility
Affected: Mitsubishi Electric CC-Link IE Control Network Data Collector
Affected: Mitsubishi Electric CC-Link IE Field Network Data Collector
Affected: Mitsubishi Electric CC-Link IE TSN Data Collector
Affected: Mitsubishi Electric CPU Module Logging Configuration Tool
Affected: Mitsubishi Electric CW Configurator
Affected: Mitsubishi Electric Data Transfer
Affected: Mitsubishi Electric EZSocket
Affected: Mitsubishi Electric FR Configurator SW3
Affected: Mitsubishi Electric FR Configurator2
Affected: Mitsubishi Electric GT Designer2 Classic
Affected: Mitsubishi Electric GT Designer3 Version1 (GOT1000)
Affected: Mitsubishi Electric GT Designer3 Version1 (GOT2000)
Affected: Mitsubishi Electric GT SoftGOT1000 Version3
Affected: Mitsubishi Electric GT SoftGOT2000 Version1
Affected: Mitsubishi Electric GX Developer
Affected: Mitsubishi Electric GX LogViewer
Affected: Mitsubishi Electric GX Works2
Affected: Mitsubishi Electric GX Works3
Affected: Mitsubishi Electric M_CommDTM-IO-Link
Affected: Mitsubishi Electric MELFA-Works
Affected: Mitsubishi Electric MELSEC WinCPU Setting Utility
Affected: Mitsubishi Electric MELSOFT Complete Clean Up Tool
Affected: Mitsubishi Electric MELSOFT EM Software Development Kit
Affected: Mitsubishi Electric MELSOFT iQ AppPortal
Affected: Mitsubishi Electric MELSOFT Navigator
Affected: Mitsubishi Electric MI Configurator
Affected: Mitsubishi Electric Motion Control Setting
Affected: Mitsubishi Electric Motorizer
Affected: Mitsubishi Electric MR Configurator2
Affected: Mitsubishi Electric MT Works2
Affected: Mitsubishi Electric MTConnect Data Collector
Affected: Mitsubishi Electric MX Component
Affected: Mitsubishi Electric MX MESInterface
Affected: Mitsubishi Electric MX MESInterface-R
Affected: Mitsubishi Electric MX Sheet
Affected: Mitsubishi Electric Network Interface Board CC IE Control Utility
Affected: Mitsubishi Electric Network Interface Board CC IE Field Utility
Affected: Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility
Affected: Mitsubishi Electric Network Interface Board MNETH Utility
Affected: Mitsubishi Electric Position Board utility 2
Affected: Mitsubishi Electric PX Developer
Affected: Mitsubishi Electric RT ToolBox2
Affected: Mitsubishi Electric RT ToolBox3
Affected: Mitsubishi Electric Setting/Monitoring tools for the C Controller module
Affected: Mitsubishi Electric SLMP Data Collector
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04 us government resource third party advisory government resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-14521?
CVE-2020-14521 has been scored as a high severity vulnerability.
How to fix CVE-2020-14521?
To fix CVE-2020-14521, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-14521 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-14521 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-14521?
CVE-2020-14521 affects Mitsubishi Electric C Controller Interface Module Utility, Mitsubishi Electric CC-Link IE Control Network Data Collector, Mitsubishi Electric CC-Link IE Field Network Data Collector, Mitsubishi Electric CC-Link IE TSN Data Collector, Mitsubishi Electric CPU Module Logging Configuration Tool, Mitsubishi Electric CW Configurator, Mitsubishi Electric Data Transfer, Mitsubishi Electric EZSocket, Mitsubishi Electric FR Configurator SW3, Mitsubishi Electric FR Configurator2, Mitsubishi Electric GT Designer2 Classic, Mitsubishi Electric GT Designer3 Version1 (GOT1000), Mitsubishi Electric GT Designer3 Version1 (GOT2000), Mitsubishi Electric GT SoftGOT1000 Version3, Mitsubishi Electric GT SoftGOT2000 Version1, Mitsubishi Electric GX Developer, Mitsubishi Electric GX LogViewer, Mitsubishi Electric GX Works2, Mitsubishi Electric GX Works3, Mitsubishi Electric M_CommDTM-IO-Link, Mitsubishi Electric MELFA-Works, Mitsubishi Electric MELSEC WinCPU Setting Utility, Mitsubishi Electric MELSOFT Complete Clean Up Tool, Mitsubishi Electric MELSOFT EM Software Development Kit, Mitsubishi Electric MELSOFT iQ AppPortal, Mitsubishi Electric MELSOFT Navigator, Mitsubishi Electric MI Configurator, Mitsubishi Electric Motion Control Setting, Mitsubishi Electric Motorizer, Mitsubishi Electric MR Configurator2, Mitsubishi Electric MT Works2, Mitsubishi Electric MTConnect Data Collector, Mitsubishi Electric MX Component, Mitsubishi Electric MX MESInterface, Mitsubishi Electric MX MESInterface-R, Mitsubishi Electric MX Sheet, Mitsubishi Electric Network Interface Board CC IE Control Utility, Mitsubishi Electric Network Interface Board CC IE Field Utility, Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility, Mitsubishi Electric Network Interface Board MNETH Utility, Mitsubishi Electric Position Board utility 2, Mitsubishi Electric PX Developer, Mitsubishi Electric RT ToolBox2, Mitsubishi Electric RT ToolBox3, Mitsubishi Electric Setting/Monitoring tools for the C Controller module, Mitsubishi Electric SLMP Data Collector.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.