ICSA-20-212-04
Vulnerability from csaf_cisa - Published: 2020-07-30 00:00 - Updated: 2026-05-28 06:00Summary
Mitsubishi Electric Factory Automation Engineering Products (Update L)
Notes
Advisory Summary: Successful exploitation of this vulnerability could allow a remote attacker to disclose information, tamper with information, cause a denial-of-service (DoS) condition on the affected products, and so on by replacing certain files in the product which have improper permissions with crafted files.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Mitsubishi Electric 2020-007 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Mitsubishi Electric directly for any questions regarding this advisory.
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
8.3 (High)
Affected products
Known affected
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric C Controller Interface Module utility: <=2.00
Mitsubishi Electric / Mitsubishi Electric C Controller Interface Module utility
|
<=2.00 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric CC-Link IE Control Network Data Collector: 1.00A
Mitsubishi Electric / Mitsubishi Electric CC-Link IE Control Network Data Collector
|
1.00A |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric CC-Link IE Field Network Data Collector: 1.00A
Mitsubishi Electric / Mitsubishi Electric CC-Link IE Field Network Data Collector
|
1.00A |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric CC-Link IE TSN Data Collector: 1.00A
Mitsubishi Electric / Mitsubishi Electric CC-Link IE TSN Data Collector
|
1.00A |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric CPU Module Logging Configuration Tool: <=1.100E
Mitsubishi Electric / Mitsubishi Electric CPU Module Logging Configuration Tool
|
<=1.100E |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric CW Configurator: <=1.010L
Mitsubishi Electric / Mitsubishi Electric CW Configurator
|
<=1.010L |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Data Transfer: <=3.42U
Mitsubishi Electric / Mitsubishi Electric Data Transfer
|
<=3.42U |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric EZSocket: <=5.1
Mitsubishi Electric / Mitsubishi Electric EZSocket
|
<=5.1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric FR Configurator SW3: vers:all/*
Mitsubishi Electric / Mitsubishi Electric FR Configurator SW3
|
vers:all/* |
No Fix Planned
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric FR Configurator2: <=1.26C
Mitsubishi Electric / Mitsubishi Electric FR Configurator2
|
<=1.26C |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GT Designer2 Classic: vers:all/*
Mitsubishi Electric / Mitsubishi Electric GT Designer2 Classic
|
vers:all/* |
No Fix Planned
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GT Designer3 Version1 (GOT1000): <=1.241B
Mitsubishi Electric / Mitsubishi Electric GT Designer3 Version1 (GOT1000)
|
<=1.241B |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GT Designer3 Version1 (GOT2000): <=1.241B
Mitsubishi Electric / Mitsubishi Electric GT Designer3 Version1 (GOT2000)
|
<=1.241B |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GT SoftGOT1000 Version3: <=3.200J
Mitsubishi Electric / Mitsubishi Electric GT SoftGOT1000 Version3
|
<=3.200J |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GT SoftGOT2000 Version1: <=1.241B
Mitsubishi Electric / Mitsubishi Electric GT SoftGOT2000 Version1
|
<=1.241B |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GX Developer: <=8.504A
Mitsubishi Electric / Mitsubishi Electric GX Developer
|
<=8.504A |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GX LogViewer: <=1.100E
Mitsubishi Electric / Mitsubishi Electric GX LogViewer
|
<=1.100E |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GX Works2: <=1.601B
Mitsubishi Electric / Mitsubishi Electric GX Works2
|
<=1.601B |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric GX Works3: <=1.063R
Mitsubishi Electric / Mitsubishi Electric GX Works3
|
<=1.063R |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric M_CommDTM-IO-Link: <=1.03D
Mitsubishi Electric / Mitsubishi Electric M_CommDTM-IO-Link
|
<=1.03D |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MELFA-Works: <=4.4
Mitsubishi Electric / Mitsubishi Electric MELFA-Works
|
<=4.4 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MELSEC WinCPU Setting Utility: vers:all/*
Mitsubishi Electric / Mitsubishi Electric MELSEC WinCPU Setting Utility
|
vers:all/* |
No Fix Planned
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MELSOFT Complete Clean Up Tool: <=1.06G
Mitsubishi Electric / Mitsubishi Electric MELSOFT Complete Clean Up Tool
|
<=1.06G |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MELSOFT EM Software Development Kit: <=1.015R
Mitsubishi Electric / Mitsubishi Electric MELSOFT EM Software Development Kit
|
<=1.015R |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MELSOFT iQ AppPortal: <=1.17T
Mitsubishi Electric / Mitsubishi Electric MELSOFT iQ AppPortal
|
<=1.17T |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MELSOFT Navigator: <=2.74C
Mitsubishi Electric / Mitsubishi Electric MELSOFT Navigator
|
<=2.74C |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MI Configurator: <=1.004E
Mitsubishi Electric / Mitsubishi Electric MI Configurator
|
<=1.004E |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Motion Control Setting: <=1.005F
Mitsubishi Electric / Mitsubishi Electric Motion Control Setting
|
<=1.005F |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Motorizer: <=1.005F
Mitsubishi Electric / Mitsubishi Electric Motorizer
|
<=1.005F |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MR Configurator2: <=1.125F
Mitsubishi Electric / Mitsubishi Electric MR Configurator2
|
<=1.125F |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MT Works2: <=1.167Z
Mitsubishi Electric / Mitsubishi Electric MT Works2
|
<=1.167Z |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MTConnect Data Collector: <=1.1.4.0
Mitsubishi Electric / Mitsubishi Electric MTConnect Data Collector
|
<=1.1.4.0 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MX Component: <=4.20W
Mitsubishi Electric / Mitsubishi Electric MX Component
|
<=4.20W |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MX MESInterface: <=1.21X
Mitsubishi Electric / Mitsubishi Electric MX MESInterface
|
<=1.21X |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MX MESInterface-R: <=1.12N
Mitsubishi Electric / Mitsubishi Electric MX MESInterface-R
|
<=1.12N |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric MX Sheet: <=2.15R
Mitsubishi Electric / Mitsubishi Electric MX Sheet
|
<=2.15R |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Network Interface Board CC IE Control Utility: <=1.29F
Mitsubishi Electric / Mitsubishi Electric Network Interface Board CC IE Control Utility
|
<=1.29F |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Network Interface Board CC IE Field Utility: <=1.16S
Mitsubishi Electric / Mitsubishi Electric Network Interface Board CC IE Field Utility
|
<=1.16S |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility: <=1.23Z
Mitsubishi Electric / Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility
|
<=1.23Z |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Network Interface Board MNETH Utility: <=34L
Mitsubishi Electric / Mitsubishi Electric Network Interface Board MNETH Utility
|
<=34L |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Position Board utility 2: <=3.20
Mitsubishi Electric / Mitsubishi Electric Position Board utility 2
|
<=3.20 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric PX Developer: <=1.53F
Mitsubishi Electric / Mitsubishi Electric PX Developer
|
<=1.53F |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric RT ToolBox2: <=3.73B
Mitsubishi Electric / Mitsubishi Electric RT ToolBox2
|
<=3.73B |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric RT ToolBox3: <=1.82L
Mitsubishi Electric / Mitsubishi Electric RT ToolBox3
|
<=1.82L |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW3PVC-CCPU): <=3.13P
Mitsubishi Electric / Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW3PVC-CCPU)
|
<=3.13P |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): <=4.12N
Mitsubishi Electric / Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)
|
<=4.12N |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric SLMP Data Collector: <=1.04E
Mitsubishi Electric / Mitsubishi Electric SLMP Data Collector
|
<=1.04E |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric QD72P3C3 FB Library (Japanese): 1.00A
Mitsubishi Electric / Mitsubishi Electric QD72P3C3 FB Library (Japanese)
|
1.00A |
No Fix Planned
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric QD62(E/D), LD62(D) FB Library (Japanese): 1.00A
Mitsubishi Electric / Mitsubishi Electric QD62(E/D), LD62(D) FB Library (Japanese)
|
1.00A |
No Fix Planned
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric QD64D2 FB Library (Japanese): 1.00A
Mitsubishi Electric / Mitsubishi Electric QD64D2 FB Library (Japanese)
|
1.00A |
No Fix Planned
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Japanese): <=1.04E
Mitsubishi Electric / Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Japanese)
|
<=1.04E |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Other languages): <=1.04E
Mitsubishi Electric / Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Other languages)
|
<=1.04E |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Japanese): <=1.02C
Mitsubishi Electric / Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Japanese)
|
<=1.02C |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Other languages): <=1.02C
Mitsubishi Electric / Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Other languages)
|
<=1.02C |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
References
12 references
Acknowledgments
Claroty
Mashav Sapir
{
"document": {
"acknowledgments": [
{
"names": [
"Mashav Sapir"
],
"organization": "Claroty",
"summary": "reported this vulnerability to Mitsubishi Electric"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow a remote attacker to disclose information, tamper with information, cause a denial-of-service (DoS) condition on the affected products, and so on by replacing certain files in the product which have improper permissions with crafted files.",
"title": "Advisory Summary"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Mitsubishi Electric 2020-007 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Mitsubishi Electric directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-212-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-212-04.json"
},
{
"category": "self",
"summary": "Mitsubishi Electric Advisory 2020-007",
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-212-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-212-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Mitsubishi Electric Factory Automation Engineering Products (Update L)",
"tracking": {
"current_release_date": "2026-05-28T06:00:00.000000Z",
"generator": {
"date": "2026-05-21T15:44:40.478588Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-20-212-04",
"initial_release_date": "2020-07-30T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-07-30T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2020-11-05T00:00:00.000000Z",
"legacy_version": "Additional Release 1",
"number": "2",
"summary": "Added Data Transfer, GT Designer3 Version1 (GOT1000), GT Designer3 Version1 (GOT2000), GT SoftGOT1000 Version3, GT SoftGOT2000 Version1, MX MESInterface, and MX MESInterface-R that have been fixed to \"Countermeasures\"."
},
{
"date": "2021-01-14T00:00:00.000000Z",
"legacy_version": "Additional Release 2",
"number": "3",
"summary": "Added MELSOFT iQ AppPortal, MX Component, and MX Sheet that have been fixed to \"Countermeasures\"."
},
{
"date": "2021-05-27T00:00:00.000000Z",
"legacy_version": "Additional Release 3",
"number": "4",
"summary": "Added EZSocket and PX Developer that have been fixed to \"Countermeasures\"."
},
{
"date": "2021-07-27T00:00:00.000000Z",
"legacy_version": "Additional Release 4",
"number": "5",
"summary": "Added GX Works2, MELSOFT Complete Clean Up Tool, and MELSOFT Navigator that have been fixed to \"Countermeasures\"."
},
{
"date": "2021-11-16T00:00:00.000000Z",
"legacy_version": "Additional Release 5",
"number": "6",
"summary": "Added MELFA-Works, RT ToolBox2, and RT ToolBox3 that have been fixed to \"Countermeasures\". Added CC-Link IE TSN Data Collector to \"Affected Products\"."
},
{
"date": "2022-02-08T00:00:00.000000Z",
"legacy_version": "Additional Release 6",
"number": "7",
"summary": "Added CC-Link IE Control Network Data Collector, CC-Link IE Field Network Data Collector, CC-Link IE TSN Data Collector, MR Configurator2, MT Works2, MTConnect Data Collector, and SLMP Data Collector that have been fixed to \"Countermeasures\"."
},
{
"date": "2022-05-24T00:00:00.000000Z",
"legacy_version": "Additional Release 7",
"number": "8",
"summary": "Added FR Configurator2, M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board CC-Link Ver.2 Utility, and Network Interface Board MNETH Utility that have been fixed to \"Countermeasures\"."
},
{
"date": "2022-07-28T00:00:00.000000Z",
"legacy_version": "Additional Release 8",
"number": "9",
"summary": "Added MI Configurator, Setting/monitoring tools for the C Controller module (SW3PVC-CCPU), and Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) that have been fixed to \"Countermeasures\"."
},
{
"date": "2022-11-17T00:00:00.000000Z",
"legacy_version": "Additional Release 9",
"number": "10",
"summary": "Added C Controller Interface Module utility and MELSOFT EM Software Development Kit that have been fixed to \"Countermeasures\"."
},
{
"date": "2023-03-02T00:00:00.000000Z",
"legacy_version": "Additional Release 10",
"number": "11",
"summary": "Added Position Board utility 2 that has been fixed to \"Countermeasures\"."
},
{
"date": "2023-04-11T00:00:00.000000Z",
"legacy_version": "Additional Release 11",
"number": "12",
"summary": "Added recommended actions for FR Configurator SW3, GT Designer2 Classic, and MELSEC WinCPU Setting Utility to \"Countermeasures\"."
},
{
"date": "2026-05-28T00:00:00.000000Z",
"legacy_version": "Additional Release 12",
"number": "13",
"summary": "Added FB libraries for Simple Motion Module (Positioning Control), Simple Motion Module (Synchronous Control), QD72P3C3, QD62 (E/D), LD62 (D), and QD64D2 to \"Affected Products\". Added FB libraries for Simple Motion Module (Positioning Control) and Simple Motion Module (Synchronous Control) that has been fixed to \"Countermeasures\"."
},
{
"date": "2026-05-28T06:00:00.000000Z",
"legacy_version": "Latest Updated CISA Republication",
"number": "14",
"summary": "CISA Republication update based on Mitsubishi Electric 2020-007 advisory"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.00",
"product": {
"name": "Mitsubishi Electric C Controller Interface Module utility: \u003c=2.00",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric C Controller Interface Module utility"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "Mitsubishi Electric CC-Link IE Control Network Data Collector: 1.00A",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric CC-Link IE Control Network Data Collector"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "Mitsubishi Electric CC-Link IE Field Network Data Collector: 1.00A",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric CC-Link IE Field Network Data Collector"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "Mitsubishi Electric CC-Link IE TSN Data Collector: 1.00A",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric CC-Link IE TSN Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.100E",
"product": {
"name": "Mitsubishi Electric CPU Module Logging Configuration Tool: \u003c=1.100E",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric CPU Module Logging Configuration Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.010L",
"product": {
"name": "Mitsubishi Electric CW Configurator: \u003c=1.010L",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric CW Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.42U",
"product": {
"name": "Mitsubishi Electric Data Transfer: \u003c=3.42U",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Data Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=5.1",
"product": {
"name": "Mitsubishi Electric EZSocket: \u003c=5.1",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric EZSocket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric FR Configurator SW3: vers:all/*",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric FR Configurator SW3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.26C",
"product": {
"name": "Mitsubishi Electric FR Configurator2: \u003c=1.26C",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric FR Configurator2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric GT Designer2 Classic: vers:all/*",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GT Designer2 Classic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.241B",
"product": {
"name": "Mitsubishi Electric GT Designer3 Version1 (GOT1000): \u003c=1.241B",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GT Designer3 Version1 (GOT1000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.241B",
"product": {
"name": "Mitsubishi Electric GT Designer3 Version1 (GOT2000): \u003c=1.241B",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GT Designer3 Version1 (GOT2000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.200J",
"product": {
"name": "Mitsubishi Electric GT SoftGOT1000 Version3: \u003c=3.200J",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GT SoftGOT1000 Version3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.241B",
"product": {
"name": "Mitsubishi Electric GT SoftGOT2000 Version1: \u003c=1.241B",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GT SoftGOT2000 Version1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.504A",
"product": {
"name": "Mitsubishi Electric GX Developer: \u003c=8.504A",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GX Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.100E",
"product": {
"name": "Mitsubishi Electric GX LogViewer: \u003c=1.100E",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GX LogViewer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.601B",
"product": {
"name": "Mitsubishi Electric GX Works2: \u003c=1.601B",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GX Works2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.063R",
"product": {
"name": "Mitsubishi Electric GX Works3: \u003c=1.063R",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric GX Works3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.03D",
"product": {
"name": "Mitsubishi Electric M_CommDTM-IO-Link: \u003c=1.03D",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric M_CommDTM-IO-Link"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=4.4",
"product": {
"name": "Mitsubishi Electric MELFA-Works: \u003c=4.4",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MELFA-Works"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric MELSEC WinCPU Setting Utility: vers:all/*",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MELSEC WinCPU Setting Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.06G",
"product": {
"name": "Mitsubishi Electric MELSOFT Complete Clean Up Tool: \u003c=1.06G",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MELSOFT Complete Clean Up Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.015R",
"product": {
"name": "Mitsubishi Electric MELSOFT EM Software Development Kit: \u003c=1.015R",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MELSOFT EM Software Development Kit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.17T",
"product": {
"name": "Mitsubishi Electric MELSOFT iQ AppPortal: \u003c=1.17T",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MELSOFT iQ AppPortal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.74C",
"product": {
"name": "Mitsubishi Electric MELSOFT Navigator: \u003c=2.74C",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MELSOFT Navigator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.004E",
"product": {
"name": "Mitsubishi Electric MI Configurator: \u003c=1.004E",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MI Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.005F",
"product": {
"name": "Mitsubishi Electric Motion Control Setting: \u003c=1.005F",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Motion Control Setting"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.005F",
"product": {
"name": "Mitsubishi Electric Motorizer: \u003c=1.005F",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Motorizer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.125F",
"product": {
"name": "Mitsubishi Electric MR Configurator2: \u003c=1.125F",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MR Configurator2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.167Z",
"product": {
"name": "Mitsubishi Electric MT Works2: \u003c=1.167Z",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MT Works2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.4.0",
"product": {
"name": "Mitsubishi Electric MTConnect Data Collector: \u003c=1.1.4.0",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MTConnect Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=4.20W",
"product": {
"name": "Mitsubishi Electric MX Component: \u003c=4.20W",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MX Component"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.21X",
"product": {
"name": "Mitsubishi Electric MX MESInterface: \u003c=1.21X",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MX MESInterface"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.12N",
"product": {
"name": "Mitsubishi Electric MX MESInterface-R: \u003c=1.12N",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MX MESInterface-R"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.15R",
"product": {
"name": "Mitsubishi Electric MX Sheet: \u003c=2.15R",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MX Sheet"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.29F",
"product": {
"name": "Mitsubishi Electric Network Interface Board CC IE Control Utility: \u003c=1.29F",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Network Interface Board CC IE Control Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.16S",
"product": {
"name": "Mitsubishi Electric Network Interface Board CC IE Field Utility: \u003c=1.16S",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Network Interface Board CC IE Field Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.23Z",
"product": {
"name": "Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility: \u003c=1.23Z",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=34L",
"product": {
"name": "Mitsubishi Electric Network Interface Board MNETH Utility: \u003c=34L",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Network Interface Board MNETH Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.20",
"product": {
"name": "Mitsubishi Electric Position Board utility 2: \u003c=3.20",
"product_id": "CSAFPID-0041"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Position Board utility 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.53F",
"product": {
"name": "Mitsubishi Electric PX Developer: \u003c=1.53F",
"product_id": "CSAFPID-0042"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric PX Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.73B",
"product": {
"name": "Mitsubishi Electric RT ToolBox2: \u003c=3.73B",
"product_id": "CSAFPID-0043"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric RT ToolBox2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.82L",
"product": {
"name": "Mitsubishi Electric RT ToolBox3: \u003c=1.82L",
"product_id": "CSAFPID-0044"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric RT ToolBox3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.13P",
"product": {
"name": "Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW3PVC-CCPU): \u003c=3.13P",
"product_id": "CSAFPID-0045"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW3PVC-CCPU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=4.12N",
"product": {
"name": "Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): \u003c=4.12N",
"product_id": "CSAFPID-0046"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.04E",
"product": {
"name": "Mitsubishi Electric SLMP Data Collector: \u003c=1.04E",
"product_id": "CSAFPID-0047"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric SLMP Data Collector"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "Mitsubishi Electric QD72P3C3 FB Library (Japanese): 1.00A",
"product_id": "CSAFPID-0048"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric QD72P3C3 FB Library (Japanese)"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "Mitsubishi Electric QD62(E/D), LD62(D) FB Library (Japanese): 1.00A",
"product_id": "CSAFPID-0049"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric QD62(E/D), LD62(D) FB Library (Japanese)"
},
{
"branches": [
{
"category": "product_version",
"name": "1.00A",
"product": {
"name": "Mitsubishi Electric QD64D2 FB Library (Japanese): 1.00A",
"product_id": "CSAFPID-0050"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric QD64D2 FB Library (Japanese)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.04E",
"product": {
"name": "Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Japanese): \u003c=1.04E",
"product_id": "CSAFPID-0051"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Japanese)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.04E",
"product": {
"name": "Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Other languages): \u003c=1.04E",
"product_id": "CSAFPID-0052"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Simple Motion Module (Positioning Control) FB Library (Other languages)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.02C",
"product": {
"name": "Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Japanese): \u003c=1.02C",
"product_id": "CSAFPID-0053"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Japanese)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.02C",
"product": {
"name": "Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Other languages): \u003c=1.02C",
"product_id": "CSAFPID-0054"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric Simple Motion Module (Synchronous Control) FB Library (Other languages)"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14521",
"cwe": {
"id": "CWE-428",
"name": "Unquoted Search Path or Element"
},
"notes": [
{
"category": "summary",
"text": "A remote code execution vulnerability due to Unquoted Search Path or Element (CWE-428) in C Controller Interface Module utility, CC-Link IE Control Network Data Collector, CC-Link IE Field Network Data Collector, CC-Link IE TSN Data Collector, CPU Module Logging Configuration Tool, CW Configurator, Data Transfer, EZSocket, FR Configurator SW3, FR Configurator2, GT Designer2 Classic, GT Designer3 Version1 (GOT1000), GT Designer3 Version1 (GOT2000), GT SoftGOT1000 Version3, GT SoftGOT2000 Version1, GX Developer, GX LogViewer, GX Works2, GX Works3, M_CommDTM-IO-Link, MELFA-Works, MELSEC WinCPU Setting Utility, MELSOFT Complete Clean Up Tool, MELSOFT EM Software Development Kit, MELSOFT iQ AppPortal, MELSOFT Navigator, MI Configurator, Motion Control Setting, Motorizer, MR Configurator2, MT Works2, MTConnect Data Collector, MX Component, MX MESInterface, MX MESInterface-R, MX Sheet, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board CC-Link Ver.2 Utility, Network Interface Board MNETH Utility, Position Board utility 2, PX Developer, RT ToolBox2, RT ToolBox3, Setting/monitoring tools for the C Controller module (SW3PVC-CCPU), Setting/monitoring tools for the C Controller module (SW4PVC-CCPU), SLMP Data Collector, QD72P3C3 FB Library (Japanese), QD62(E/D), LD62(D) FB Library (Japanese), QD64D2 FB Library (Japanese), Simple Motion Module (Positioning Control) FB Library (Japanese), Simple Motion Module (Positioning Control) FB Library (Other languages), Simple Motion Module (Synchronous Control) FB Library (Japanese) and Simple Motion Module (Synchronous Control) FB Library (Other languages) allow a remote attacker to disclose information, tamper with information, cause a denial-of-service (DoS) condition on the affected products, and so on by replacing certain files in the product which have improper permissions with crafted files.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:N/T:T/2026-05-28T00:00:00Z/",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14521"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/428.html"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 2.10 or later for C Controller Interface Module utility. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.01B or later for CC-Link IE Control Network Data Collector. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.01B or later for CC-Link IE Field Network Data Collector. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.01B or later for CC-Link IE TSN Data Collector. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.106K or later for CPU Module Logging Configuration Tool. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.011M or later for CW Configurator. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 3.43V or later for Data Transfer. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 5.2 or later for EZSocket. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.27D or later for FR Configurator2. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.245F or later for GT Designer3 Version1 (GOT1000). Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0012"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.245F or later for GT Designer3 Version1 (GOT2000). Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 3.245F or later for GT SoftGOT1000 Version3. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0014"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.245F or later for GT SoftGOT2000 Version1. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0015"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 8.505B or later for GX Developer. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0016"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.106K or later for GX LogViewer. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.605F or later for GX Works2. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0018"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.065T or later for GX Works3. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0019"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.04E or later for M_CommDTM-IO-Link. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0020"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 4.5 or later for MELFA-Works. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0021"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.07H or later for MELSOFT Complete Clean Up Tool. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0023"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.020W or later for MELSOFT EM Software Development Kit. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0024"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.20W or later for MELSOFT iQ AppPortal. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0025"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 2.78G or later for MELSOFT Navigator. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0026"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.005F or later for MI Configurator. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0027"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.006G or later for Motion Control Setting. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0028"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.010L or later for Motorizer. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0029"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.130L or later for MR Configurator2. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0030"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.170C or later for MT Works2. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0031"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.1.5.0 or later for MTConnect Data Collector. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0032"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 4.21X or later for MX Component. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0033"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.22Y or later for MX MESInterface. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0034"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.13P or later for MX MESInterface-R. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0035"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 2.16S or later for MX Sheet. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0036"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.30G or later for Network Interface Board CC IE Control Utility. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0037"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.17T or later for Network Interface Board CC IE Field Utility. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0038"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.24A or later for Network Interface Board CC-Link Ver.2 Utility. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0039"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 35M or later for Network Interface Board MNETH Utility. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0040"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 3.30 or later for Position Board utility 2. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0041"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.54G or later for PX Developer. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0042"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 3.74C or later for RT ToolBox2. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.90U or later for RT ToolBox3. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 3.14Q or later for Setting/monitoring tools for the C Controller module (SW3PVC-CCPU). Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0045"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 4.13P or later for Setting/monitoring tools for the C Controller module (SW4PVC-CCPU). Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0046"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.05F or later for SLMP Data Collector. Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0047"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.05F or later for Simple Motion Module (Positioning Control) FB Library (Japanese) and Simple Motion Module (Positioning Control) FB Library (Other languages). Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0051",
"CSAFPID-0052"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "vendor_fix",
"details": "Mitsubishi Electric is releasing fixed version 1.03D or later for Simple Motion Module (Synchronous Control) FB Library (Japanese) and Simple Motion Module (Synchronous Control) FB Library (Other languages). Please download the fixed version from the link \"https://www.mitsubishielectric.com/fa/download/index.html\" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\".",
"product_ids": [
"CSAFPID-0053",
"CSAFPID-0054"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "no_fix_planned",
"details": "There are no plans to release a fixed version for FR Configurator SW3. Refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\", and take the actions described there.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "no_fix_planned",
"details": "There are no plans to release a fixed version for GT Designer2 Classic. Refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\", and take the actions described there.",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "no_fix_planned",
"details": "There are no plans to release a fixed version for MELSEC WinCPU Setting Utility. Refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\", and take the actions described there.",
"product_ids": [
"CSAFPID-0022"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "no_fix_planned",
"details": "There are no plans to release a fixed version for QD72P3C3 FB Library (Japanese). Refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\", and take the actions described there.",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "no_fix_planned",
"details": "There are no plans to release a fixed version for QD62(E/D), LD62(D) FB Library (E/D). Refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\", and take the actions described there.",
"product_ids": [
"CSAFPID-0049"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "no_fix_planned",
"details": "There are no plans to release a fixed version for QD64D2 FB Library (Japanese). Refer to the Mitsubishi Electric security advisory at \"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf\", and take the actions described there.",
"product_ids": [
"CSAFPID-0050"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-007_en.pdf"
},
{
"category": "mitigation",
"details": "For users of the affected products, Mitsubishi Electric recommends that, if a \"File Name Warning\" message appears when Windows starts, follow the instructions in the message, such as renaming the file, and take appropriate action before installing or operating the affected product, to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "mitigation",
"details": "For users of the affected products, Mitsubishi Electric recommends operating the products under an account that does not have administrator\u0027s privileges, to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "mitigation",
"details": "For users of the affected products, Mitsubishi Electric recommends installing an antivirus software in your personal computer using the products, to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "mitigation",
"details": "For users of the affected products, Mitsubishi Electric recommends restricting network exposure of all control system devices or systems to the minimum necessary and ensuring that they are not accessible from untrusted networks and hosts, to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "mitigation",
"details": "For users of the affected products, Mitsubishi Electric recommends locating control system networks and remote devices behind firewalls and isolating them from the business network, to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "mitigation",
"details": "For users of the affected products, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054"
]
}
]
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…