ICSA-21-049-02
Vulnerability from csaf_cisa - Published: 2021-02-18 07:00 - Updated: 2025-06-05 06:00Summary
Mitsubishi Electric FA Engineering Software Products (Update H)
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may cause a denial-of-service condition.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
7.5 (High)
Affected products
Known affected
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric CPU Module Logging Configuration Tool: <=1.112R
Mitsubishi Electric / CPU Module Logging Configuration Tool
|
<=1.112R |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric CW Configurator: <=1.011M
Mitsubishi Electric / CW Configurator
|
<=1.011M |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Data Transfer: <=3.44W
Mitsubishi Electric / Data Transfer
|
<=3.44W |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Vendor Fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric EZSocket: <=5.4
Mitsubishi Electric / EZSocket
|
<=5.4 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric FR Configurator: vers:all/*
Mitsubishi Electric / FR Configurator
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric FR Configurator SW3: vers:all/*
Mitsubishi Electric / FR Configurator SW3
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric FR Configurator2: <=1.24A
Mitsubishi Electric / FR Configurator2
|
<=1.24A |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT Designer3 Version1(GOT1000): <=1.250L
Mitsubishi Electric / GT Designer3 Version1(GOT1000)
|
<=1.250L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT Designer3 Version1(GOT2000): <=1.250L
Mitsubishi Electric / GT Designer3 Version1(GOT2000)
|
<=1.250L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT SoftGOT1000 Version3: <=3.245F
Mitsubishi Electric / GT SoftGOT1000 Version3
|
<=3.245F |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT SoftGOT2000 Version1: <=1.250L
Mitsubishi Electric / GT SoftGOT2000 Version1
|
<=1.250L |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Configurator-DP: <=7.14Q
Mitsubishi Electric / GX Configurator-DP
|
<=7.14Q |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Configurator-QP: vers:all/*
Mitsubishi Electric / GX Configurator-QP
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Developer: <=8.506C
Mitsubishi Electric / GX Developer
|
<=8.506C |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Explorer: vers:all/*
Mitsubishi Electric / GX Explorer
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX IEC Developer: vers:all/*
Mitsubishi Electric / GX IEC Developer
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX LogViewer: <=1.115U
Mitsubishi Electric / GX LogViewer
|
<=1.115U |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX RemoteService-I: vers:all/*
Mitsubishi Electric / GX RemoteService-I
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works2: <=1.597X
Mitsubishi Electric / GX Works2
|
<=1.597X |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: <=1.070Y
Mitsubishi Electric / GX Works3
|
<=1.070Y |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric iQ Monozukuri ANDON (Data Transfer): <=1.003D
Mitsubishi Electric / iQ Monozukuri ANDON (Data Transfer)
|
<=1.003D |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric iQ Monozukuri Process Remote Monitoring (Data Transfer): <=1.002C
Mitsubishi Electric / iQ Monozukuri Process Remote Monitoring (Data Transfer)
|
<=1.002C |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric M_CommDTM-HART: vers:all/*
Mitsubishi Electric / M_CommDTM-HART
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric M_CommDTM-IO-Link: <=1.03D
Mitsubishi Electric / M_CommDTM-IO-Link
|
<=1.03D |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELFA-Works: <=4.4
Mitsubishi Electric / MELFA-Works
|
<=4.4 |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELSEC WinCPU Setting Utility: vers:all/*
Mitsubishi Electric / MELSEC WinCPU Setting Utility
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELSOFT EM Software Development Kit (EM Configurator): <=1.015R
Mitsubishi Electric / MELSOFT EM Software Development Kit (EM Configurator)
|
<=1.015R |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELSOFT Navigator: <=2.74C
Mitsubishi Electric / MELSOFT Navigator
|
<=2.74C |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MH11 SettingTool Version2: <=2.004E
Mitsubishi Electric / MH11 SettingTool Version2
|
<=2.004E |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MI Configurator: <=1.004E
Mitsubishi Electric / MI Configurator
|
<=1.004E |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MT Works2: <=1.167Z
Mitsubishi Electric / MT Works2
|
<=1.167Z |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MX Component: <=5.001B
Mitsubishi Electric / MX Component
|
<=5.001B |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board CC IE Control utility: <=1.29F
Mitsubishi Electric / Network Interface Board CC IE Control utility
|
<=1.29F |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board CC IE Field Utility: <=1.16S
Mitsubishi Electric / Network Interface Board CC IE Field Utility
|
<=1.16S |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility: <=1.23Z
Mitsubishi Electric / Network Interface Board CC-Link Ver.2 Utility
|
<=1.23Z |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board MNETH utility: <=34L
Mitsubishi Electric / Network Interface Board MNETH utility
|
<=34L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric PX Developer: <=1.53F
Mitsubishi Electric / PX Developer
|
<=1.53F |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric RT ToolBox2: <=3.73B
Mitsubishi Electric / RT ToolBox2
|
<=3.73B |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric RT ToolBox3: <=1.82L
Mitsubishi Electric / RT ToolBox3
|
<=1.82L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): <=4.12N
Mitsubishi Electric / Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)
|
<=4.12N |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric SLMP Data Collector: <=1.04E
Mitsubishi Electric / SLMP Data Collector
|
<=1.04E |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric CPU Module Logging Configuration Tool: <=1.112R
Mitsubishi Electric / CPU Module Logging Configuration Tool
|
<=1.112R |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric CW Configurator: <=1.011M
Mitsubishi Electric / CW Configurator
|
<=1.011M |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Data Transfer: <=3.44W
Mitsubishi Electric / Data Transfer
|
<=3.44W |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Vendor Fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric EZSocket: <=5.4
Mitsubishi Electric / EZSocket
|
<=5.4 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric FR Configurator: vers:all/*
Mitsubishi Electric / FR Configurator
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric FR Configurator SW3: vers:all/*
Mitsubishi Electric / FR Configurator SW3
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric FR Configurator2: <=1.24A
Mitsubishi Electric / FR Configurator2
|
<=1.24A |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT Designer3 Version1(GOT1000): <=1.250L
Mitsubishi Electric / GT Designer3 Version1(GOT1000)
|
<=1.250L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT Designer3 Version1(GOT2000): <=1.250L
Mitsubishi Electric / GT Designer3 Version1(GOT2000)
|
<=1.250L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT SoftGOT1000 Version3: <=3.245F
Mitsubishi Electric / GT SoftGOT1000 Version3
|
<=3.245F |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT SoftGOT2000 Version1: <=1.250L
Mitsubishi Electric / GT SoftGOT2000 Version1
|
<=1.250L |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Configurator-DP: <=7.14Q
Mitsubishi Electric / GX Configurator-DP
|
<=7.14Q |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Configurator-QP: vers:all/*
Mitsubishi Electric / GX Configurator-QP
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Developer: <=8.506C
Mitsubishi Electric / GX Developer
|
<=8.506C |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Explorer: vers:all/*
Mitsubishi Electric / GX Explorer
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX IEC Developer: vers:all/*
Mitsubishi Electric / GX IEC Developer
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX LogViewer: <=1.115U
Mitsubishi Electric / GX LogViewer
|
<=1.115U |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX RemoteService-I: vers:all/*
Mitsubishi Electric / GX RemoteService-I
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works2: <=1.597X
Mitsubishi Electric / GX Works2
|
<=1.597X |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: <=1.070Y
Mitsubishi Electric / GX Works3
|
<=1.070Y |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric iQ Monozukuri ANDON (Data Transfer): <=1.003D
Mitsubishi Electric / iQ Monozukuri ANDON (Data Transfer)
|
<=1.003D |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric iQ Monozukuri Process Remote Monitoring (Data Transfer): <=1.002C
Mitsubishi Electric / iQ Monozukuri Process Remote Monitoring (Data Transfer)
|
<=1.002C |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric M_CommDTM-HART: vers:all/*
Mitsubishi Electric / M_CommDTM-HART
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric M_CommDTM-IO-Link: <=1.03D
Mitsubishi Electric / M_CommDTM-IO-Link
|
<=1.03D |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELFA-Works: <=4.4
Mitsubishi Electric / MELFA-Works
|
<=4.4 |
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELSEC WinCPU Setting Utility: vers:all/*
Mitsubishi Electric / MELSEC WinCPU Setting Utility
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELSOFT EM Software Development Kit (EM Configurator): <=1.015R
Mitsubishi Electric / MELSOFT EM Software Development Kit (EM Configurator)
|
<=1.015R |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MELSOFT Navigator: <=2.74C
Mitsubishi Electric / MELSOFT Navigator
|
<=2.74C |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MH11 SettingTool Version2: <=2.004E
Mitsubishi Electric / MH11 SettingTool Version2
|
<=2.004E |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MI Configurator: <=1.004E
Mitsubishi Electric / MI Configurator
|
<=1.004E |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MT Works2: <=1.167Z
Mitsubishi Electric / MT Works2
|
<=1.167Z |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MX Component: <=5.001B
Mitsubishi Electric / MX Component
|
<=5.001B |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board CC IE Control utility: <=1.29F
Mitsubishi Electric / Network Interface Board CC IE Control utility
|
<=1.29F |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board CC IE Field Utility: <=1.16S
Mitsubishi Electric / Network Interface Board CC IE Field Utility
|
<=1.16S |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility: <=1.23Z
Mitsubishi Electric / Network Interface Board CC-Link Ver.2 Utility
|
<=1.23Z |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Network Interface Board MNETH utility: <=34L
Mitsubishi Electric / Network Interface Board MNETH utility
|
<=34L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric PX Developer: <=1.53F
Mitsubishi Electric / PX Developer
|
<=1.53F |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric RT ToolBox2: <=3.73B
Mitsubishi Electric / RT ToolBox2
|
<=3.73B |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric RT ToolBox3: <=1.82L
Mitsubishi Electric / RT ToolBox3
|
<=1.82L |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): <=4.12N
Mitsubishi Electric / Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)
|
<=4.12N |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric SLMP Data Collector: <=1.04E
Mitsubishi Electric / SLMP Data Collector
|
<=1.04E |
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
14 references
Acknowledgments
dliangfun
{
"document": {
"acknowledgments": [
{
"names": [
"dliangfun"
],
"summary": "reporting these vulnerabilities to Mitsubishi Electric"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may cause a denial-of-service condition. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-049-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-049-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-21-049-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-049-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Mitsubishi Electric FA Engineering Software Products (Update H)",
"tracking": {
"current_release_date": "2025-06-05T06:00:00.000000Z",
"generator": {
"date": "2025-06-05T17:14:52.588733Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-049-02",
"initial_release_date": "2021-02-18T07:00:00.000000Z",
"revision_history": [
{
"date": "2021-02-18T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2021-05-27T06:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Added affected products."
},
{
"date": "2021-07-27T06:00:00.000000Z",
"legacy_version": "Update B",
"number": "3",
"summary": "Update B - Added fixed product."
},
{
"date": "2021-11-16T07:00:00.000000Z",
"legacy_version": "Update C",
"number": "4",
"summary": "Update C - Added fixed products."
},
{
"date": "2022-02-08T07:00:00.000000Z",
"legacy_version": "Update D",
"number": "5",
"summary": "Update D - Added fixed products."
},
{
"date": "2022-05-24T06:00:00.000000Z",
"legacy_version": "Update E",
"number": "6",
"summary": "Update E - Added fixed products."
},
{
"date": "2022-07-28T06:00:00.000000Z",
"legacy_version": "Update F",
"number": "7",
"summary": "Update F - Added fixed products."
},
{
"date": "2022-11-17T07:00:00.000000Z",
"legacy_version": "Update G",
"number": "8",
"summary": "Update G - Added fixed product."
},
{
"date": "2025-06-05T06:00:00.000000Z",
"legacy_version": "Update H",
"number": "9",
"summary": "Update H - Added updated products and countermeasures."
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.112R",
"product": {
"name": "Mitsubishi Electric CPU Module Logging Configuration Tool: \u003c=1.112R",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "CPU Module Logging Configuration Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.011M",
"product": {
"name": "Mitsubishi Electric CW Configurator: \u003c=1.011M",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "CW Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.44W",
"product": {
"name": "Mitsubishi Electric Data Transfer: \u003c=3.44W",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Data Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=5.4",
"product": {
"name": "Mitsubishi Electric EZSocket: \u003c=5.4",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "EZSocket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric FR Configurator: vers:all/*",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "FR Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric FR Configurator SW3: vers:all/*",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "FR Configurator SW3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.24A",
"product": {
"name": "Mitsubishi Electric FR Configurator2: \u003c=1.24A",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "FR Configurator2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.250L",
"product": {
"name": "Mitsubishi Electric GT Designer3 Version1(GOT1000): \u003c=1.250L",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "GT Designer3 Version1(GOT1000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.250L",
"product": {
"name": "Mitsubishi Electric GT Designer3 Version1(GOT2000): \u003c=1.250L",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "GT Designer3 Version1(GOT2000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.245F",
"product": {
"name": "Mitsubishi Electric GT SoftGOT1000 Version3: \u003c=3.245F",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "GT SoftGOT1000 Version3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.250L",
"product": {
"name": "Mitsubishi Electric GT SoftGOT2000 Version1: \u003c=1.250L",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "GT SoftGOT2000 Version1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.14Q",
"product": {
"name": "Mitsubishi Electric GX Configurator-DP: \u003c=7.14Q",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "GX Configurator-DP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric GX Configurator-QP: vers:all/*",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "GX Configurator-QP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.506C",
"product": {
"name": "Mitsubishi Electric GX Developer: \u003c=8.506C",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "GX Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric GX Explorer: vers:all/*",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "GX Explorer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric GX IEC Developer: vers:all/*",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "GX IEC Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.115U",
"product": {
"name": "Mitsubishi Electric GX LogViewer: \u003c=1.115U",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "GX LogViewer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric GX RemoteService-I: vers:all/*",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "GX RemoteService-I"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.597X",
"product": {
"name": "Mitsubishi Electric GX Works2: \u003c=1.597X",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "GX Works2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.070Y",
"product": {
"name": "Mitsubishi Electric GX Works3: \u003c=1.070Y",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.003D",
"product": {
"name": "Mitsubishi Electric iQ Monozukuri ANDON (Data Transfer): \u003c=1.003D",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "iQ Monozukuri ANDON (Data Transfer)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.002C",
"product": {
"name": "Mitsubishi Electric iQ Monozukuri Process Remote Monitoring (Data Transfer): \u003c=1.002C",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "iQ Monozukuri Process Remote Monitoring (Data Transfer)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric M_CommDTM-HART: vers:all/*",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "M_CommDTM-HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.03D",
"product": {
"name": "Mitsubishi Electric M_CommDTM-IO-Link: \u003c=1.03D",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "M_CommDTM-IO-Link"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=4.4",
"product": {
"name": "Mitsubishi Electric MELFA-Works: \u003c=4.4",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "MELFA-Works"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric MELSEC WinCPU Setting Utility: vers:all/*",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "MELSEC WinCPU Setting Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.015R",
"product": {
"name": "Mitsubishi Electric MELSOFT EM Software Development Kit (EM Configurator): \u003c=1.015R",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "MELSOFT EM Software Development Kit (EM Configurator)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.74C",
"product": {
"name": "Mitsubishi Electric MELSOFT Navigator: \u003c=2.74C",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "MELSOFT Navigator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.004E",
"product": {
"name": "Mitsubishi Electric MH11 SettingTool Version2: \u003c=2.004E",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "MH11 SettingTool Version2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.004E",
"product": {
"name": "Mitsubishi Electric MI Configurator: \u003c=1.004E",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "MI Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.167Z",
"product": {
"name": "Mitsubishi Electric MT Works2: \u003c=1.167Z",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "MT Works2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=5.001B",
"product": {
"name": "Mitsubishi Electric MX Component: \u003c=5.001B",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "MX Component"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.29F",
"product": {
"name": "Mitsubishi Electric Network Interface Board CC IE Control utility: \u003c=1.29F",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "Network Interface Board CC IE Control utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.16S",
"product": {
"name": "Mitsubishi Electric Network Interface Board CC IE Field Utility: \u003c=1.16S",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "Network Interface Board CC IE Field Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.23Z",
"product": {
"name": "Mitsubishi Electric Network Interface Board CC-Link Ver.2 Utility: \u003c=1.23Z",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "Network Interface Board CC-Link Ver.2 Utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=34L",
"product": {
"name": "Mitsubishi Electric Network Interface Board MNETH utility: \u003c=34L",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "Network Interface Board MNETH utility"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.53F",
"product": {
"name": "Mitsubishi Electric PX Developer: \u003c=1.53F",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "PX Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.73B",
"product": {
"name": "Mitsubishi Electric RT ToolBox2: \u003c=3.73B",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "RT ToolBox2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.82L",
"product": {
"name": "Mitsubishi Electric RT ToolBox3: \u003c=1.82L",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "RT ToolBox3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=4.12N",
"product": {
"name": "Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): \u003c=4.12N",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.04E",
"product": {
"name": "Mitsubishi Electric SLMP Data Collector: \u003c=1.04E",
"product_id": "CSAFPID-0041"
}
}
],
"category": "product_name",
"name": "SLMP Data Collector"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20587",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A malicious attacker may cause a denial-of-service condition by spoofing MELSEC, GOT, or FREQROL, and returning crafted reply packets. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric has released updated versions for the following products to address these vulnerabilities. Please download and install the update from the Mitsubishi Electric download site.:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
],
"url": "https://www.mitsubishielectric.com/fa/download/index.html"
},
{
"category": "vendor_fix",
"details": "CPU Module Logging Configuration Tool: Version 1.118X or later",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "CW Configurator: Version 1.012N or later",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Data Transfer: Version 3.45X or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "EZSocket: Version 5.5 or later",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "FR Configurator2: Version 1.25B or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1(GOT1000): Version 1.255R or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1(GOT2000): Version 1.255R or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "GT SoftGOT1000 Version3: Version 3.255R or later",
"product_ids": [
"CSAFPID-0010"
]
},
{
"category": "vendor_fix",
"details": "GT SoftGOT2000 Version1: Version 1.255R or later",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "GX Configurator-DP: Version 7.15R or later",
"product_ids": [
"CSAFPID-0012"
]
},
{
"category": "vendor_fix",
"details": "GX Developer: Version 8.507D or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "GX LogViewer: Version 1.118X or later",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "vendor_fix",
"details": "GX Works2: Version 1.600A or later",
"product_ids": [
"CSAFPID-0019"
]
},
{
"category": "vendor_fix",
"details": "GX Works3: Version 1.072A or later",
"product_ids": [
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "iQ Monozukuri ANDON (Data Transfer): Version 1.004E or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "iQ Monozukuri Process Remote Monitoring (Data Transfer): Version 1.005F or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "M_CommDTM-IO-Link: Version 1.04E or later",
"product_ids": [
"CSAFPID-0024"
]
},
{
"category": "vendor_fix",
"details": "MELFA-Works: Version 4.5 or later",
"product_ids": [
"CSAFPID-0025"
]
},
{
"category": "mitigation",
"details": "MELSOFT EM Software Development Kit (EM Configurator): Version 1.020W or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "MELSOFT Navigator: Version 2.78G or later",
"product_ids": [
"CSAFPID-0028"
]
},
{
"category": "vendor_fix",
"details": "MH11 SettingTool Version2: Version 2.005F or later",
"product_ids": [
"CSAFPID-0029"
]
},
{
"category": "vendor_fix",
"details": "MI Configurator: Version 1.005F or later",
"product_ids": [
"CSAFPID-0030"
]
},
{
"category": "vendor_fix",
"details": "MT Works2: Version 1.170C or later",
"product_ids": [
"CSAFPID-0031"
]
},
{
"category": "vendor_fix",
"details": "MX Component: Version 5.002C or later",
"product_ids": [
"CSAFPID-0032"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board CC IE Control utility: Version 1.30G or later",
"product_ids": [
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board CC IE Field Utility: Version 1.17T or later",
"product_ids": [
"CSAFPID-0034"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board CC-Link Ver.2 Utility: Version 1.24A or later",
"product_ids": [
"CSAFPID-0035"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board MNETH utility: Version 35M or later",
"product_ids": [
"CSAFPID-0036"
]
},
{
"category": "vendor_fix",
"details": "PX Developer: Version 1.54G or later",
"product_ids": [
"CSAFPID-0037"
]
},
{
"category": "vendor_fix",
"details": "RT ToolBox2: Version 3.74C or later",
"product_ids": [
"CSAFPID-0038"
]
},
{
"category": "vendor_fix",
"details": "RT ToolBox3: Version 1.90U or later",
"product_ids": [
"CSAFPID-0039"
]
},
{
"category": "mitigation",
"details": "Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): Version 4.13P or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "SLMP Data Collector: Version 1.05F or later",
"product_ids": [
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Mitsubishi Electric has no plans to release fixed versions for the following products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "FR Configurator",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "FR Configurator SW3",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "GX Configurator-QP",
"product_ids": [
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "GX Explorer",
"product_ids": [
"CSAFPID-0015"
]
},
{
"category": "vendor_fix",
"details": "GX IEC Developer",
"product_ids": [
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "GX RemoteService-I",
"product_ids": [
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "M_CommDTM-HART",
"product_ids": [
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "MELSEC WinCPU Setting Utility",
"product_ids": [
"CSAFPID-0026"
]
},
{
"category": "mitigation",
"details": "For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends taking the following mitigations to minimize the risk of exploiting these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "Install the fixed version of GX Works3 on your personal computer running the products when communicating with MELSEC. GX Works3 provides comprehensive countermeasures that provide the same level of protection to other products.",
"product_ids": [
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "Install the fixed version of FR Configurator2 on your personal computer running the products when communicating with FREQROL. FR Configurator2 provides comprehensive countermeasures that provide the same level of protection to other products.",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Install the fixed version of GT Designer3 on your personal computer running the products when communicating with GOT. GT Designer3 provides comprehensive countermeasures that provide the same level of protection to other products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Operate the products under an account that does not have administrator privileges.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on personal computers running the products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Restrict network exposure for all control system devices or systems to the minimum necessary, and ensure that they are not accessible from untrusted networks and hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Locate control system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Use a virtual private network (VPN) when remote access is required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Refer to Mitsubishi Electric advisory 2020-021 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
}
]
},
{
"cve": "CVE-2021-20588",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "A malicious attacker may cause a denial-of-service condition by spoofing MELSEC, GOT, or FREQROL, and returning crafted reply packets. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20588"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric has released updated versions for the following products to address these vulnerabilities. Please download and install the update from the Mitsubishi Electric download site.:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
],
"url": "https://www.mitsubishielectric.com/fa/download/index.html"
},
{
"category": "vendor_fix",
"details": "CPU Module Logging Configuration Tool: Version 1.118X or later",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "CW Configurator: Version 1.012N or later",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Data Transfer: Version 3.45X or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "EZSocket: Version 5.5 or later",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "FR Configurator2: Version 1.25B or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1(GOT1000): Version 1.255R or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1(GOT2000): Version 1.255R or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "GT SoftGOT1000 Version3: Version 3.255R or later",
"product_ids": [
"CSAFPID-0010"
]
},
{
"category": "vendor_fix",
"details": "GT SoftGOT2000 Version1: Version 1.255R or later",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "GX Configurator-DP: Version 7.15R or later",
"product_ids": [
"CSAFPID-0012"
]
},
{
"category": "vendor_fix",
"details": "GX Developer: Version 8.507D or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "GX LogViewer: Version 1.118X or later",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "vendor_fix",
"details": "GX Works2: Version 1.600A or later",
"product_ids": [
"CSAFPID-0019"
]
},
{
"category": "vendor_fix",
"details": "GX Works3: Version 1.072A or later",
"product_ids": [
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "iQ Monozukuri ANDON (Data Transfer): Version 1.004E or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "iQ Monozukuri Process Remote Monitoring (Data Transfer): Version 1.005F or later",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "M_CommDTM-IO-Link: Version 1.04E or later",
"product_ids": [
"CSAFPID-0024"
]
},
{
"category": "vendor_fix",
"details": "MELFA-Works: Version 4.5 or later",
"product_ids": [
"CSAFPID-0025"
]
},
{
"category": "mitigation",
"details": "MELSOFT EM Software Development Kit (EM Configurator): Version 1.020W or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "MELSOFT Navigator: Version 2.78G or later",
"product_ids": [
"CSAFPID-0028"
]
},
{
"category": "vendor_fix",
"details": "MH11 SettingTool Version2: Version 2.005F or later",
"product_ids": [
"CSAFPID-0029"
]
},
{
"category": "vendor_fix",
"details": "MI Configurator: Version 1.005F or later",
"product_ids": [
"CSAFPID-0030"
]
},
{
"category": "vendor_fix",
"details": "MT Works2: Version 1.170C or later",
"product_ids": [
"CSAFPID-0031"
]
},
{
"category": "vendor_fix",
"details": "MX Component: Version 5.002C or later",
"product_ids": [
"CSAFPID-0032"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board CC IE Control utility: Version 1.30G or later",
"product_ids": [
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board CC IE Field Utility: Version 1.17T or later",
"product_ids": [
"CSAFPID-0034"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board CC-Link Ver.2 Utility: Version 1.24A or later",
"product_ids": [
"CSAFPID-0035"
]
},
{
"category": "vendor_fix",
"details": "Network Interface Board MNETH utility: Version 35M or later",
"product_ids": [
"CSAFPID-0036"
]
},
{
"category": "vendor_fix",
"details": "PX Developer: Version 1.54G or later",
"product_ids": [
"CSAFPID-0037"
]
},
{
"category": "vendor_fix",
"details": "RT ToolBox2: Version 3.74C or later",
"product_ids": [
"CSAFPID-0038"
]
},
{
"category": "vendor_fix",
"details": "RT ToolBox3: Version 1.90U or later",
"product_ids": [
"CSAFPID-0039"
]
},
{
"category": "mitigation",
"details": "Setting/monitoring tools for the C Controller module (SW4PVC-CCPU): Version 4.13P or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "SLMP Data Collector: Version 1.05F or later",
"product_ids": [
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Mitsubishi Electric has no plans to release fixed versions for the following products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "FR Configurator",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "FR Configurator SW3",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "GX Configurator-QP",
"product_ids": [
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "GX Explorer",
"product_ids": [
"CSAFPID-0015"
]
},
{
"category": "vendor_fix",
"details": "GX IEC Developer",
"product_ids": [
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "GX RemoteService-I",
"product_ids": [
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "M_CommDTM-HART",
"product_ids": [
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "MELSEC WinCPU Setting Utility",
"product_ids": [
"CSAFPID-0026"
]
},
{
"category": "mitigation",
"details": "For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends taking the following mitigations to minimize the risk of exploiting these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "Install the fixed version of GX Works3 on your personal computer running the products when communicating with MELSEC. GX Works3 provides comprehensive countermeasures that provide the same level of protection to other products.",
"product_ids": [
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "Install the fixed version of FR Configurator2 on your personal computer running the products when communicating with FREQROL. FR Configurator2 provides comprehensive countermeasures that provide the same level of protection to other products.",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Install the fixed version of GT Designer3 on your personal computer running the products when communicating with GOT. GT Designer3 provides comprehensive countermeasures that provide the same level of protection to other products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Operate the products under an account that does not have administrator privileges.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on personal computers running the products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Restrict network exposure for all control system devices or systems to the minimum necessary, and ensure that they are not accessible from untrusted networks and hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Locate control system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Use a virtual private network (VPN) when remote access is required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "mitigation",
"details": "Refer to Mitsubishi Electric advisory 2020-021 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
}
]
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…