This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU32955
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-14496
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCPU Module Logging Configuration Tool: 1.100E
CW Configurator: 1.010L
Data Transfer: 3.40S
EZSocket: 4.5
Mitsubishi Electric FR Configurator2: 1.22Y
GT Designer3: 1.235V
GT SoftGOT1000 Version3: All versions
GT SoftGOT2000 Version1: 1.235V
GX LogViewer: 1.100E
GX Works2: 1.592S
GX Works3: 1.063R
M_CommDTM-HART: 1.00A
M_CommDTM-IO-Link: All versions
MELFA-Works: 4.3
MELSEC WinCPU Setting Utility: All versions
MELSOFT EM Software Development Kit: 1.010L
MELSOFT FieldDeviceConfigurator: 1.03D
MELSOFT Navigator: 2.62Q
MH11 SettingTool Version2: 2.002C
MI Configurator: All versions
Motorizer: 1.005F
MR Configurator2: 1.105K
MT Works2: 1.156N
MX Component: 4.19V
Network Interface Board CC IE Control utility: All versions
Network Interface Board CC IE Field Utility: All versions
Network Interface Board CC-Link Ver.2 Utility: All versions
Network Interface Board MNETH utility: All versions
PX Developer: 1.52E
RT ToolBox2: 3.72A
RT ToolBox3: 1.70Y
Setting/monitoring tools for the C Controller module: All versions
http://ics-cert.us-cert.gov/advisories/icsa-20-212-02
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?