Multiple vulnerabilities in lMitsubishi Electric FA engineering software products



Published: 2021-02-22
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2021-20587
CVE-2021-20588
CWE ID CWE-122
CWE-130
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Setting/monitoring tools for the C Controller module
Other software / Other software solutions

Data Transfer
Other software / Other software solutions

EZSocket
Other software / Other software solutions

MH11 SettingTool Version2
Other software / Other software solutions

CPU Module Logging Configuration Tool
Client/Desktop applications / Software for system administration

CW Configurator
Client/Desktop applications / Software for system administration

Mitsubishi Electric FR Configurator2
Client/Desktop applications / Software for system administration

FR Configurator
Client/Desktop applications / Software for system administration

FR Configurator SW3
Client/Desktop applications / Software for system administration

GT Designer3
Client/Desktop applications / Software for system administration

GX Configurator-DP
Client/Desktop applications / Software for system administration

GX Configurator-QP
Client/Desktop applications / Software for system administration

GX Developer
Client/Desktop applications / Software for system administration

GX LogViewer
Client/Desktop applications / Software for system administration

GX RemoteService-I
Client/Desktop applications / Software for system administration

GX Works2
Client/Desktop applications / Software for system administration

GX Works3
Client/Desktop applications / Software for system administration

M_CommDTM-HART
Client/Desktop applications / Software for system administration

M_CommDTM-IO-Link
Client/Desktop applications / Software for system administration

MELFA-Works
Client/Desktop applications / Software for system administration

MELSOFT EM Software Development Kit (EM Configurator)
Client/Desktop applications / Software for system administration

MELSOFT Navigator
Client/Desktop applications / Software for system administration

MI Configurator
Client/Desktop applications / Software for system administration

MT Works2
Client/Desktop applications / Software for system administration

RT ToolBox2
Client/Desktop applications / Software for system administration

RT ToolBox3
Client/Desktop applications / Software for system administration

SLMP Data Collector
Client/Desktop applications / Software for system administration

GT SoftGOT1000 Version3
Server applications / SCADA systems

GT SoftGOT2000 Version1
Server applications / SCADA systems

MELSEC WinCPU Setting Utility
Operating systems & Components / Operating system package or component

MX Component
Universal components / Libraries / Libraries used by multiple products

Network Interface Board CC IE Control utility
Server applications / Other server solutions

Network Interface Board CC IE Field Utility
Server applications / Other server solutions

Network Interface Board CC-Link Ver.2 Utility
Server applications / Other server solutions

Network Interface Board MNETH utility
Server applications / Other server solutions

PX Developer
Client/Desktop applications / Other client software

Vendor Mitsubishi Electric

Security Advisory

1) Heap-based buffer overflow

Risk: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-20587

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can spoof MELSEC, GOT or FREQROL and return crafted reply packets, trigger heap-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Setting/monitoring tools for the C Controller module: All versions

CPU Module Logging Configuration Tool: All versions

CW Configurator: All versions

Data Transfer: All versions

EZSocket: All versions

Mitsubishi Electric FR Configurator2: All versions

FR Configurator: All versions

FR Configurator SW3: All versions

GT Designer3: All versions

GT SoftGOT1000 Version3: All versions

GT SoftGOT2000 Version1: All versions

GX Configurator-DP: 7.14Q

GX Configurator-QP: All versions

GX Developer: All versions

GX LogViewer: All versions

GX RemoteService-I: All versions

GX Works2: 1.597X

GX Works3: 1.070Y

M_CommDTM-HART: All versions

M_CommDTM-IO-Link: All versions

MELFA-Works: All versions

MELSEC WinCPU Setting Utility: All versions

MELSOFT EM Software Development Kit (EM Configurator): All versions

MELSOFT Navigator: All versions

MH11 SettingTool Version2: All versions

MI Configurator: All versions

MT Works2: All versions

MX Component: All versions

Network Interface Board CC IE Control utility: All versions

Network Interface Board CC IE Field Utility: All versions

Network Interface Board CC-Link Ver.2 Utility: All versions

Network Interface Board MNETH utility: All versions

PX Developer: All versions

RT ToolBox2: All versions

RT ToolBox3: All versions

SLMP Data Collector: All versions

CPE External links

https://jvn.jp/vu/JVNVU92330101/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Handling of Length Parameter Inconsistency

Risk: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-20588

CWE-ID: CWE-130 - Improper Handling of Length Parameter Inconsistency

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of length parameter inconsistency. A remote attacker can spoof MELSEC, GOT or FREQROL, return crafted reply packets and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Setting/monitoring tools for the C Controller module: All versions

CPU Module Logging Configuration Tool: All versions

CW Configurator: All versions

Data Transfer: All versions

EZSocket: All versions

Mitsubishi Electric FR Configurator2: All versions

FR Configurator: All versions

FR Configurator SW3: All versions

GT Designer3: All versions

GT SoftGOT1000 Version3: All versions

GT SoftGOT2000 Version1: All versions

GX Configurator-DP: 7.14Q

GX Configurator-QP: All versions

GX Developer: All versions

GX LogViewer: All versions

GX RemoteService-I: All versions

GX Works2: 1.597X

GX Works3: 1.070Y

M_CommDTM-HART: All versions

M_CommDTM-IO-Link: All versions

MELFA-Works: All versions

MELSEC WinCPU Setting Utility: All versions

MELSOFT EM Software Development Kit (EM Configurator): All versions

MELSOFT Navigator: All versions

MH11 SettingTool Version2: All versions

MI Configurator: All versions

MT Works2: All versions

MX Component: All versions

Network Interface Board CC IE Control utility: All versions

Network Interface Board CC IE Field Utility: All versions

Network Interface Board CC-Link Ver.2 Utility: All versions

Network Interface Board MNETH utility: All versions

PX Developer: All versions

RT ToolBox2: All versions

RT ToolBox3: All versions

SLMP Data Collector: All versions

CPE External links

https://jvn.jp/vu/JVNVU92330101/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###