Vulnerabilites related to Mitsubishi Electric - MELSEC FX series
var-202006-1511
Vulnerability from variot
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-f",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec fx series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-f series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec l series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec q series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "electric melsec fx",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-r",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-f",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec q",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec l",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5594",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5594",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5594",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-005854",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5594",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU91424496",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-175-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2176",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"id": "VAR-202006-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
],
"trust": 1.3499999919999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
]
},
"last_update_date": "2024-11-23T22:33:25.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91424496"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2020-06-23T08:15:10.487000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2024-11-21T05:34:19.893000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R , iQ-F , Q , L , FX Of the series CPU With the unit GX Works3 and GX Works2 Vulnerability in plaintext communication between",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
}
}
jvndb-2020-005854
Vulnerability from jvndb
Published
2020-06-24 10:32
Modified
2020-06-24 10:32
Severity ?
Summary
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information
Details
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU91424496/ | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5594 | |
| ICS-CERT ADVISORY | https://www.us-cert.gov/ics/advisories/icsa-20-175-01 | |
| Cleartext Transmission of Sensitive Information(CWE-319) | https://cwe.mitre.org/data/definitions/319.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
"dc:date": "2020-06-24T10:32+09:00",
"dcterms:issued": "2020-06-24T10:32+09:00",
"dcterms:modified": "2020-06-24T10:32+09:00",
"description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
"sec:cpe": [
{
"#text": "cpe:/o:mitsubishielectric:melsec-fx_firmware",
"@product": "MELSEC FX series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
"@product": "MELSEC L series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
"@product": "MELSEC Q series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
"@product": "MELSEC iQ-F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2020-005854",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91424496/",
"@id": "JVNVU#91424496",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594",
"@id": "CVE-2020-5594",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594",
"@id": "CVE-2020-5594",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01",
"@id": "ICSA-20-175-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
}
],
"title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information"
}