CVE-2020-14523 - Vulnerability Details

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mitsubishielectric	Cw Configurator Fr Configurator2 Gx Works2 Gx Works3 Iu Configuration Tool Iu Developer2 Melsoft Iq Appportal Melsoft Navigator Mi Configurator Mr Configurator2 Mt Works2 Mx Component Rd78g16 Rd78g16 Firmware Rd78g32 Rd78g32 Firmware Rd78g4 Rd78g4 Firmware Rd78g64 Rd78g64 Firmware Rd78g8 Rd78g8 Firmware Rd78ghv Rd78ghv Firmware Rd78ghw Rd78ghw Firmware Rt Toolbox3

Configuration 1 [-]

OR	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:iu_configuration_tool::::::::
	cpe:2.3:a:mitsubishielectric:iu_developer2::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_iq_appportal::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_navigator::::::::
	cpe:2.3:a:mitsubishielectric:mi_configurator::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:mt_works2::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78g4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78g4:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78g8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78g8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78g16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78g16:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78g32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78g32:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78g64_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78g64:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78ghv_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78ghv:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishielectric:rd78ghw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rd78ghw:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU90224831/
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf

History

Wed, 16 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-02-11T17:40:29.187Z

Updated: 2025-04-16T18:01:22.616Z

Reserved: 2020-06-19T00:00:00.000Z

Link: CVE-2020-14523

Vulnrichment

Updated: 2024-08-04T12:46:34.640Z

NVD

Status : Modified

Published: 2022-02-11T18:15:08.577

Modified: 2024-11-21T05:03:27.300

Link: CVE-2020-14523

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object