Multiple vulnerabilities in lMitsubishi Electric FA engineering software products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-20587 CVE-2021-20588 |
| CWE-ID | CWE-122 CWE-130 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Setting/monitoring tools for the C Controller module Other software / Other software solutions Data Transfer Other software / Other software solutions EZSocket Other software / Other software solutions MH11 SettingTool Version2 Other software / Other software solutions CPU Module Logging Configuration Tool Client/Desktop applications / Software for system administration CW Configurator Client/Desktop applications / Software for system administration Mitsubishi Electric FR Configurator2 Client/Desktop applications / Software for system administration FR Configurator Client/Desktop applications / Software for system administration FR Configurator SW3 Client/Desktop applications / Software for system administration GT Designer3 Client/Desktop applications / Software for system administration GX Configurator-DP Client/Desktop applications / Software for system administration GX Configurator-QP Client/Desktop applications / Software for system administration GX Developer Client/Desktop applications / Software for system administration GX LogViewer Client/Desktop applications / Software for system administration GX RemoteService-I Client/Desktop applications / Software for system administration GX Works2 Client/Desktop applications / Software for system administration GX Works3 Client/Desktop applications / Software for system administration M_CommDTM-HART Client/Desktop applications / Software for system administration M_CommDTM-IO-Link Client/Desktop applications / Software for system administration MELFA-Works Client/Desktop applications / Software for system administration MELSOFT EM Software Development Kit (EM Configurator) Client/Desktop applications / Software for system administration MELSOFT Navigator Client/Desktop applications / Software for system administration MI Configurator Client/Desktop applications / Software for system administration MT Works2 Client/Desktop applications / Software for system administration RT ToolBox2 Client/Desktop applications / Software for system administration RT ToolBox3 Client/Desktop applications / Software for system administration SLMP Data Collector Client/Desktop applications / Software for system administration GT SoftGOT1000 Version3 Server applications / SCADA systems GT SoftGOT2000 Version1 Server applications / SCADA systems MELSEC WinCPU Setting Utility Operating systems & Components / Operating system package or component MX Component Universal components / Libraries / Libraries used by multiple products Network Interface Board CC IE Control utility Server applications / Other server solutions Network Interface Board CC IE Field Utility Server applications / Other server solutions Network Interface Board CC-Link Ver.2 Utility Server applications / Other server solutions Network Interface Board MNETH utility Server applications / Other server solutions PX Developer Client/Desktop applications / Other client software |
| Vendor | Mitsubishi Electric |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU50839
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-20587
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can spoof MELSEC, GOT or FREQROL and return crafted reply packets, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSetting/monitoring tools for the C Controller module: All versions
CPU Module Logging Configuration Tool: All versions
CW Configurator: All versions
Data Transfer: All versions
EZSocket: All versions
Mitsubishi Electric FR Configurator2: All versions
FR Configurator: All versions
FR Configurator SW3: All versions
GT Designer3: All versions
GT SoftGOT1000 Version3: All versions
GT SoftGOT2000 Version1: All versions
GX Configurator-DP: - - 7.14Q
GX Configurator-QP: All versions
GX Developer: All versions
GX LogViewer: All versions
GX RemoteService-I: All versions
GX Works2: - - 1.597X
GX Works3: - - 1.070Y
M_CommDTM-HART: All versions
M_CommDTM-IO-Link: All versions
MELFA-Works: All versions
MELSEC WinCPU Setting Utility: All versions
MELSOFT EM Software Development Kit (EM Configurator): All versions
MELSOFT Navigator: All versions
MH11 SettingTool Version2: All versions
MI Configurator: All versions
MT Works2: All versions
MX Component: All versions
Network Interface Board CC IE Control utility: All versions
Network Interface Board CC IE Field Utility: All versions
Network Interface Board CC-Link Ver.2 Utility: All versions
Network Interface Board MNETH utility: All versions
PX Developer: All versions
RT ToolBox2: All versions
RT ToolBox3: All versions
SLMP Data Collector: All versions
CPE2.3- cpe:2.3:a:mitsubishi_electric:setting_monitoring_tools_for_the_c_controller_module:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:cw_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:data_transfer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:ezsocket:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mitsubishi_electric_fr_configurator2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:fr_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:fr_configurator_sw3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gt_designer3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gt_softgot1000_version3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gt_softgot2000_version1:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_configurator-dp:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_configurator-qp:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_developer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_logviewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_remoteservice-i:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_works2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_works3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:m_commdtm-hart:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:m_commdtm-io-link:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melfa-works:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melsec_wincpu_setting_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melsoft_em_software_development_kit_em_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melsoft_navigator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mh11_settingtool_version2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mi_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mt_works2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mx_component:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_cc_ie_control_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_cc_ie_field_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_cc-link_ver.2_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_mneth_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:px_developer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:rt_toolbox2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:rt_toolbox3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:slmp_data_collector:*:*:*:*:*:*:*:*
https://jvn.jp/vu/JVNVU92330101/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Handling of Length Parameter Inconsistency
EUVDB-ID: #VU50840
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-20588
CWE-ID:
CWE-130 - Improper Handling of Length Parameter Inconsistency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of length parameter inconsistency. A remote attacker can spoof MELSEC, GOT or FREQROL, return crafted reply packets and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSetting/monitoring tools for the C Controller module: All versions
CPU Module Logging Configuration Tool: All versions
CW Configurator: All versions
Data Transfer: All versions
EZSocket: All versions
Mitsubishi Electric FR Configurator2: All versions
FR Configurator: All versions
FR Configurator SW3: All versions
GT Designer3: All versions
GT SoftGOT1000 Version3: All versions
GT SoftGOT2000 Version1: All versions
GX Configurator-DP: - - 7.14Q
GX Configurator-QP: All versions
GX Developer: All versions
GX LogViewer: All versions
GX RemoteService-I: All versions
GX Works2: - - 1.597X
GX Works3: - - 1.070Y
M_CommDTM-HART: All versions
M_CommDTM-IO-Link: All versions
MELFA-Works: All versions
MELSEC WinCPU Setting Utility: All versions
MELSOFT EM Software Development Kit (EM Configurator): All versions
MELSOFT Navigator: All versions
MH11 SettingTool Version2: All versions
MI Configurator: All versions
MT Works2: All versions
MX Component: All versions
Network Interface Board CC IE Control utility: All versions
Network Interface Board CC IE Field Utility: All versions
Network Interface Board CC-Link Ver.2 Utility: All versions
Network Interface Board MNETH utility: All versions
PX Developer: All versions
RT ToolBox2: All versions
RT ToolBox3: All versions
SLMP Data Collector: All versions
CPE2.3- cpe:2.3:a:mitsubishi_electric:setting_monitoring_tools_for_the_c_controller_module:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:cw_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:data_transfer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:ezsocket:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mitsubishi_electric_fr_configurator2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:fr_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:fr_configurator_sw3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gt_designer3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gt_softgot1000_version3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gt_softgot2000_version1:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_configurator-dp:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_configurator-qp:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_developer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_logviewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_remoteservice-i:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_works2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:gx_works3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:m_commdtm-hart:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:m_commdtm-io-link:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melfa-works:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melsec_wincpu_setting_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melsoft_em_software_development_kit_em_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:melsoft_navigator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mh11_settingtool_version2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mi_configurator:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mt_works2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:mx_component:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_cc_ie_control_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_cc_ie_field_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_cc-link_ver.2_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:network_interface_board_mneth_utility:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:px_developer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:rt_toolbox2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:rt_toolbox3:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishi_electric:slmp_data_collector:*:*:*:*:*:*:*:*
https://jvn.jp/vu/JVNVU92330101/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
