cvelistv5 - CVE-2020-5594

CVE-2020-5594 (GCVE-0-2020-5594)

Vulnerability from cvelistv5

Published

2020-06-23 07:35

Modified

2024-08-04 08:30

Severity ?

CWE

Cleartext Transmission of Sensitive Information

Summary

References

URL

	Vendor	Product	Version
	Mitsubishi Electric Corporation	MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules	Version: all versions

CVE-2020-5594

Vulnerability from jvndb

Published

2020-06-24 10:32

Modified

2020-06-24 10:32

Severity ?

10.0 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information

Details

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU91424496/
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5594
	ICS-CERT ADVISORY	https://www.us-cert.gov/ics/advisories/icsa-20-175-01
	Cleartext Transmission of Sensitive Information(CWE-319)	https://cwe.mitre.org/data/definitions/319.html

Impacted products

Vendor

Product

	Mitsubishi Electric	MELSEC FX series
	Mitsubishi Electric	MELSEC L series
	Mitsubishi Electric	MELSEC Q series
	Mitsubishi Electric	MELSEC iQ-F series
	Mitsubishi Electric	MELSEC iQ-R series

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
  "dc:date": "2020-06-24T10:32+09:00",
  "dcterms:issued": "2020-06-24T10:32+09:00",
  "dcterms:modified": "2020-06-24T10:32+09:00",
  "description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:mitsubishielectric:melsec-fx_firmware",
      "@product": "MELSEC FX series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
      "@product": "MELSEC L series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
      "@product": "MELSEC Q series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
      "@product": "MELSEC iQ-F series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
      "@product": "MELSEC iQ-R series",
      "@vendor": "Mitsubishi Electric",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2020-005854",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU91424496/",
      "@id": "JVNVU#91424496",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594",
      "@id": "CVE-2020-5594",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594",
      "@id": "CVE-2020-5594",
      "@source": "NVD"
    },
    {
      "#text": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01",
      "@id": "ICSA-20-175-01",
      "@source": "ICS-CERT ADVISORY"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/319.html",
      "@id": "CWE-319",
      "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
    }
  ],
  "title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information"
}

ghsa-2vf3-pgp6-m4w5

Vulnerability from github

Published

2022-05-24 17:21

Modified

2022-05-24 17:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5594"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-23T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",
  "id": "GHSA-2vf3-pgp6-m4w5",
  "modified": "2022-05-24T17:21:31Z",
  "published": "2022-05-24T17:21:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-5594

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5594

Aliases

CVE-2020-5594

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5594",
    "description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",
    "id": "GSD-2020-5594"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5594"
      ],
      "details": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",
      "id": "GSD-2020-5594",
      "modified": "2023-12-13T01:22:03.874220Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5594",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cleartext Transmission of Sensitive Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
          },
          {
            "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          },
          {
            "name": "https://jvn.jp/en/vu/JVNVU91424496/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5594"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/vu/JVNVU91424496/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
            },
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-07-01T19:09Z",
      "publishedDate": "2020-06-23T08:15Z"
    }
  }
}

icsa-20-175-01

Vulnerability from csaf_cisa

Published

2020-06-23 00:00

Modified

2020-07-07 00:00

Summary

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Shunkai Zhu",
          "Rongkuan Ma",
          "Peng Cheng"
        ],
        "organization": "NESC Lab of Zhejiang University",
        "summary": "reporting this vulnerability to Mitsubishi Electric"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-175-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-175-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-175-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-175-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)",
    "tracking": {
      "current_release_date": "2020-07-07T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-175-01",
      "initial_release_date": "2020-06-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-06-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules"
        },
        {
          "date": "2020-07-07T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "MELSEC iQ-R iQ-F Q L and FX series CPU modules: all versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R iQ-F Q L and FX series CPU modules"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5594",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and denial-of-service (DoS) attacks from attackers. CVE-2020-5594 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).. --------- End Update A Part 1 of 2 ---------CVE-2020-5594 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends encrypting the communication path by setting up a VPN to mitigate the impact of this vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Additional information about the vulnerability is available by contacting a Mitsubishi Electric representative.https://us.mitsubishielectric.com/fa/en/about-us/distributors",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://us.mitsubishielectric.com/fa/en/about-us/distributors"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

ICSA-20-175-01

Vulnerability from csaf_cisa

Published

2020-06-23 00:00

Modified

2020-07-07 00:00

Summary

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Shunkai Zhu",
          "Rongkuan Ma",
          "Peng Cheng"
        ],
        "organization": "NESC Lab of Zhejiang University",
        "summary": "reporting this vulnerability to Mitsubishi Electric"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-175-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-175-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-175-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-175-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)",
    "tracking": {
      "current_release_date": "2020-07-07T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-175-01",
      "initial_release_date": "2020-06-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-06-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules"
        },
        {
          "date": "2020-07-07T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "MELSEC iQ-R iQ-F Q L and FX series CPU modules: all versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R iQ-F Q L and FX series CPU modules"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5594",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and denial-of-service (DoS) attacks from attackers. CVE-2020-5594 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).. --------- End Update A Part 1 of 2 ---------CVE-2020-5594 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends encrypting the communication path by setting up a VPN to mitigate the impact of this vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Additional information about the vulnerability is available by contacting a Mitsubishi Electric representative.https://us.mitsubishielectric.com/fa/en/about-us/distributors",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://us.mitsubishielectric.com/fa/en/about-us/distributors"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

fkie_cve-2020-5594

Vulnerability from fkie_nvd

Published

2020-06-23 08:15

Modified

2024-11-21 05:34

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU91424496/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU91424496/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	melsec_iq-r_firmware	*
mitsubishielectric	melsec_iq-r	-
mitsubishielectric	melsec_iq-f_firmware	*
mitsubishielectric	melsec_iq-f	-
mitsubishielectric	melsec-q_firmware	*
mitsubishielectric	melsec-q	-
mitsubishielectric	melsec-l_firmware	*
mitsubishielectric	melsec-l	-
mitsubishielectric	melsec-fx_firmware	*
mitsubishielectric	melsec-fx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2A20BD-77FE-42A3-9AC6-597470CD1212",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CC1A84-A51D-4E56-BA7A-9C1D21DDF8D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1644AECC-4A04-4209-9654-668D6B3B093B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "175AA161-6775-4715-85A2-4AD426D131F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec-q_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1047B633-7FE4-47C2-846F-5878DA5D3038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec-q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "418EA7F6-FB8D-4192-8BEC-E34BBF98400A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec-l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93701E98-1A2C-45EE-933F-2FA9D803A875",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCADAD32-6840-45C7-94E1-DD7BE0A59417",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec-fx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DCC54F-CA89-41BC-8C3F-89084911956D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec-fx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "455C03F1-8A83-493D-9DAD-F7D0950105AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Todos los m\u00f3dulos de CPU de las series Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L y FX, contienen una vulnerabilidad que permite la transmisi\u00f3n de informaci\u00f3n confidencial entre m\u00f3dulos de CPU y GX Works3 y/o GX Works2 por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2020-5594",
  "lastModified": "2024-11-21T05:34:19.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-23T08:15:10.487",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU91424496/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2020-46802

Vulnerability from cnvd

Title

多款Mitsubishi Electric产品存在未明漏洞

Description

Mitsubishi Electric MELSEC iQ-R series等都是日本三菱电机（Mitsubishi Electric）公司的一款可编程逻辑控制器。多款Mitsubishi Electric产品中存在安全漏洞，该漏洞源于CPU模块与GX Works3或GX Works2之间采用明文通信，攻击者可利用该漏洞窃听/篡改通信数据，执行未授权的操作，造成拒绝服务。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.mitsubishielectric.com/

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01

Impacted products

Name
['Mitsubishi Electric MELSEC FX', 'Mitsubishi Electric MELSEC iQ-R', 'Mitsubishi Electric MELSEC iQ-F', 'Mitsubishi Electric MELSEC Q', 'Mitsubishi Electric MELSEC L']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5594"
    }
  },
  "description": "Mitsubishi Electric MELSEC iQ-R series\u7b49\u90fd\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\uff08Mitsubishi Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\n\n\u591a\u6b3eMitsubishi Electric\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eCPU\u6a21\u5757\u4e0eGX Works3\u6216GX Works2\u4e4b\u95f4\u91c7\u7528\u660e\u6587\u901a\u4fe1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u542c/\u7be1\u6539\u901a\u4fe1\u6570\u636e\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.mitsubishielectric.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-46802",
  "openTime": "2020-08-19",
  "products": {
    "product": [
      "Mitsubishi Electric MELSEC FX",
      "Mitsubishi Electric MELSEC iQ-R",
      "Mitsubishi Electric MELSEC iQ-F",
      "Mitsubishi Electric MELSEC Q",
      "Mitsubishi Electric MELSEC L"
    ]
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-24",
  "title": "\u591a\u6b3eMitsubishi Electric\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

var-202006-1511

Vulnerability from variot

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.

There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "melsec-q",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec-l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec iq-f",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec-fx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec iq-r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "*"
      },
      {
        "model": "melsec fx series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec iq-f series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec l series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "melsec q series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
      },
      {
        "model": "electric melsec fx",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec iq-r",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec iq-f",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec q",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      },
      {
        "model": "electric melsec l",
        "scope": null,
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-5594",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-5594",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-46802",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-5594",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 10,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005854",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-5594",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-005854",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-46802",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1590",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-5594",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91424496",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-175-01",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2176",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "id": "VAR-202006-1511",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      }
    ],
    "trust": 1.3499999919999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:33:25.234000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba   \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91424496"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/319.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      },
      {
        "date": "2020-06-23T08:15:10.487000",
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-46802"
      },
      {
        "date": "2020-07-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5594"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      },
      {
        "date": "2020-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      },
      {
        "date": "2024-11-21T05:34:19.893000",
        "db": "NVD",
        "id": "CVE-2020-5594"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Mitsubishi Electric  MELSEC iQ-R , iQ-F , Q , L , FX Of the series  CPU With the unit  GX Works3 and  GX Works2 Vulnerability in plaintext communication between",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005854"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1590"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-5594 (GCVE-0-2020-5594)

Vulnerability from cvelistv5

Vulnerability from jvndb

Vulnerability from github

Vulnerability from gsd

Vulnerability from csaf_cisa

Vulnerability from csaf_cisa

Vulnerability from fkie_nvd

Vulnerability from cnvd

Vulnerability from variot

Tags

Sightings

Nomenclature