Privilege escalation in Mitsubishi Electric Multiple Factory Automation Engineering Software Products

Published: 2020-07-31

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-14496
CWE-ID	CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	CPU Module Logging Configuration Tool Client/Desktop applications / Software for system administration CW Configurator Client/Desktop applications / Software for system administration Mitsubishi Electric FR Configurator2 Client/Desktop applications / Software for system administration GT Designer3 Client/Desktop applications / Software for system administration GX LogViewer Client/Desktop applications / Software for system administration GX Works2 Client/Desktop applications / Software for system administration GX Works3 Client/Desktop applications / Software for system administration M_CommDTM-HART Client/Desktop applications / Software for system administration M_CommDTM-IO-Link Client/Desktop applications / Software for system administration MELFA-Works Client/Desktop applications / Software for system administration MELSOFT FieldDeviceConfigurator Client/Desktop applications / Software for system administration MELSOFT Navigator Client/Desktop applications / Software for system administration MI Configurator Client/Desktop applications / Software for system administration MR Configurator2 Client/Desktop applications / Software for system administration MT Works2 Client/Desktop applications / Software for system administration RT ToolBox2 Client/Desktop applications / Software for system administration RT ToolBox3 Client/Desktop applications / Software for system administration Data Transfer Other software / Other software solutions EZSocket Other software / Other software solutions MH11 SettingTool Version2 Other software / Other software solutions Setting/monitoring tools for the C Controller module Other software / Other software solutions GT SoftGOT1000 Version3 Server applications / SCADA systems GT SoftGOT2000 Version1 Server applications / SCADA systems MELSEC WinCPU Setting Utility Operating systems & Components / Operating system package or component MELSOFT EM Software Development Kit Hardware solutions / Firmware Motorizer Client/Desktop applications / Other client software PX Developer Client/Desktop applications / Other client software MX Component Universal components / Libraries / Libraries used by multiple products Network Interface Board CC IE Control utility Server applications / Other server solutions Network Interface Board CC IE Field Utility Server applications / Other server solutions Network Interface Board CC-Link Ver.2 Utility Server applications / Other server solutions Network Interface Board MNETH utility Server applications / Other server solutions
Vendor	Mitsubishi Electric

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32955

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14496

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CPU Module Logging Configuration Tool: 1.100E

CW Configurator: 1.010L

Data Transfer: 3.40S

EZSocket: 4.5

Mitsubishi Electric FR Configurator2: 1.22Y

GT Designer3: 1.235V

GT SoftGOT1000 Version3: All versions

GT SoftGOT2000 Version1: 1.235V

GX LogViewer: 1.100E

GX Works2: 1.592S

GX Works3: 1.063R

M_CommDTM-HART: 1.00A

M_CommDTM-IO-Link: All versions

MELFA-Works: 4.3

MELSEC WinCPU Setting Utility: All versions

MELSOFT EM Software Development Kit: 1.010L

MELSOFT FieldDeviceConfigurator: 1.03D

MELSOFT Navigator: 2.62Q

MH11 SettingTool Version2: 2.002C

MI Configurator: All versions

Motorizer: 1.005F

MR Configurator2: 1.105K

MT Works2: 1.156N

MX Component: 4.19V

Network Interface Board CC IE Control utility: All versions

Network Interface Board CC IE Field Utility: All versions

Network Interface Board CC-Link Ver.2 Utility: All versions

Network Interface Board MNETH utility: All versions

PX Developer: 1.52E

RT ToolBox2: 3.72A

RT ToolBox3: 1.70Y

Setting/monitoring tools for the C Controller module: All versions

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-212-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.