Vulnerabilites related to mitsubishielectric - melsec-l
Vulnerability from fkie_nvd
Published
2020-06-23 08:15
Modified
2024-11-21 05:34
Severity ?
Summary
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2A20BD-77FE-42A3-9AC6-597470CD1212",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC1A84-A51D-4E56-BA7A-9C1D21DDF8D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1644AECC-4A04-4209-9654-668D6B3B093B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "175AA161-6775-4715-85A2-4AD426D131F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1047B633-7FE4-47C2-846F-5878DA5D3038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "418EA7F6-FB8D-4192-8BEC-E34BBF98400A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93701E98-1A2C-45EE-933F-2FA9D803A875",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCADAD32-6840-45C7-94E1-DD7BE0A59417",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25DCC54F-CA89-41BC-8C3F-89084911956D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "455C03F1-8A83-493D-9DAD-F7D0950105AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
},
{
"lang": "es",
"value": "Todos los m\u00f3dulos de CPU de las series Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L y FX, contienen una vulnerabilidad que permite la transmisi\u00f3n de informaci\u00f3n confidencial entre m\u00f3dulos de CPU y GX Works3 y/o GX Works2 por medio de vectores no especificados"
}
],
"id": "CVE-2020-5594",
"lastModified": "2024-11-21T05:34:19.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-23T08:15:10.487",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-5594 (GCVE-0-2020-5594)
Vulnerability from cvelistv5
Published
2020-06-23 07:35
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cleartext Transmission of Sensitive Information
Summary
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU91424496/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules |
Version: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-23T07:35:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91424496/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5594",
"datePublished": "2020-06-23T07:35:23",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202006-1511
Vulnerability from variot
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-f",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec fx series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-f series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec l series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec q series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "electric melsec fx",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-r",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-f",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec q",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec l",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5594",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5594",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5594",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-005854",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5594",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU91424496",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-175-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2176",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"id": "VAR-202006-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
],
"trust": 1.3499999919999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
]
},
"last_update_date": "2024-11-23T22:33:25.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91424496"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2020-06-23T08:15:10.487000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2024-11-21T05:34:19.893000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R , iQ-F , Q , L , FX Of the series CPU With the unit GX Works3 and GX Works2 Vulnerability in plaintext communication between",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
}
}