Multiple vulnerabilities in lMitsubishi Electric FA engineering software products



Published: 2021-02-22
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-20587
CVE-2021-20588
CWE-ID CWE-122
CWE-130
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Setting/monitoring tools for the C Controller module
Other software / Other software solutions

Data Transfer
Other software / Other software solutions

EZSocket
Other software / Other software solutions

MH11 SettingTool Version2
Other software / Other software solutions

CPU Module Logging Configuration Tool
Client/Desktop applications / Software for system administration

CW Configurator
Client/Desktop applications / Software for system administration

Mitsubishi Electric FR Configurator2
Client/Desktop applications / Software for system administration

FR Configurator
Client/Desktop applications / Software for system administration

FR Configurator SW3
Client/Desktop applications / Software for system administration

GT Designer3
Client/Desktop applications / Software for system administration

GX Configurator-DP
Client/Desktop applications / Software for system administration

GX Configurator-QP
Client/Desktop applications / Software for system administration

GX Developer
Client/Desktop applications / Software for system administration

GX LogViewer
Client/Desktop applications / Software for system administration

GX RemoteService-I
Client/Desktop applications / Software for system administration

GX Works2
Client/Desktop applications / Software for system administration

GX Works3
Client/Desktop applications / Software for system administration

M_CommDTM-HART
Client/Desktop applications / Software for system administration

M_CommDTM-IO-Link
Client/Desktop applications / Software for system administration

MELFA-Works
Client/Desktop applications / Software for system administration

MELSOFT EM Software Development Kit (EM Configurator)
Client/Desktop applications / Software for system administration

MELSOFT Navigator
Client/Desktop applications / Software for system administration

MI Configurator
Client/Desktop applications / Software for system administration

MT Works2
Client/Desktop applications / Software for system administration

RT ToolBox2
Client/Desktop applications / Software for system administration

RT ToolBox3
Client/Desktop applications / Software for system administration

SLMP Data Collector
Client/Desktop applications / Software for system administration

GT SoftGOT1000 Version3
Server applications / SCADA systems

GT SoftGOT2000 Version1
Server applications / SCADA systems

MELSEC WinCPU Setting Utility
Operating systems & Components / Operating system package or component

MX Component
Universal components / Libraries / Libraries used by multiple products

Network Interface Board CC IE Control utility
Server applications / Other server solutions

Network Interface Board CC IE Field Utility
Server applications / Other server solutions

Network Interface Board CC-Link Ver.2 Utility
Server applications / Other server solutions

Network Interface Board MNETH utility
Server applications / Other server solutions

PX Developer
Client/Desktop applications / Other client software

Vendor Mitsubishi Electric

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU50839

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20587

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can spoof MELSEC, GOT or FREQROL and return crafted reply packets, trigger heap-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Setting/monitoring tools for the C Controller module: All versions

CPU Module Logging Configuration Tool: All versions

CW Configurator: All versions

Data Transfer: All versions

EZSocket: All versions

Mitsubishi Electric FR Configurator2: All versions

FR Configurator: All versions

FR Configurator SW3: All versions

GT Designer3: All versions

GT SoftGOT1000 Version3: All versions

GT SoftGOT2000 Version1: All versions

GX Configurator-DP: 7.14Q

GX Configurator-QP: All versions

GX Developer: All versions

GX LogViewer: All versions

GX RemoteService-I: All versions

GX Works2: 1.597X

GX Works3: 1.070Y

M_CommDTM-HART: All versions

M_CommDTM-IO-Link: All versions

MELFA-Works: All versions

MELSEC WinCPU Setting Utility: All versions

MELSOFT EM Software Development Kit (EM Configurator): All versions

MELSOFT Navigator: All versions

MH11 SettingTool Version2: All versions

MI Configurator: All versions

MT Works2: All versions

MX Component: All versions

Network Interface Board CC IE Control utility: All versions

Network Interface Board CC IE Field Utility: All versions

Network Interface Board CC-Link Ver.2 Utility: All versions

Network Interface Board MNETH utility: All versions

PX Developer: All versions

RT ToolBox2: All versions

RT ToolBox3: All versions

SLMP Data Collector: All versions

CPE2.3 External links

http://jvn.jp/vu/JVNVU92330101/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Handling of Length Parameter Inconsistency

EUVDB-ID: #VU50840

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20588

CWE-ID: CWE-130 - Improper Handling of Length Parameter Inconsistency

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of length parameter inconsistency. A remote attacker can spoof MELSEC, GOT or FREQROL, return crafted reply packets and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Setting/monitoring tools for the C Controller module: All versions

CPU Module Logging Configuration Tool: All versions

CW Configurator: All versions

Data Transfer: All versions

EZSocket: All versions

Mitsubishi Electric FR Configurator2: All versions

FR Configurator: All versions

FR Configurator SW3: All versions

GT Designer3: All versions

GT SoftGOT1000 Version3: All versions

GT SoftGOT2000 Version1: All versions

GX Configurator-DP: 7.14Q

GX Configurator-QP: All versions

GX Developer: All versions

GX LogViewer: All versions

GX RemoteService-I: All versions

GX Works2: 1.597X

GX Works3: 1.070Y

M_CommDTM-HART: All versions

M_CommDTM-IO-Link: All versions

MELFA-Works: All versions

MELSEC WinCPU Setting Utility: All versions

MELSOFT EM Software Development Kit (EM Configurator): All versions

MELSOFT Navigator: All versions

MH11 SettingTool Version2: All versions

MI Configurator: All versions

MT Works2: All versions

MX Component: All versions

Network Interface Board CC IE Control utility: All versions

Network Interface Board CC IE Field Utility: All versions

Network Interface Board CC-Link Ver.2 Utility: All versions

Network Interface Board MNETH utility: All versions

PX Developer: All versions

RT ToolBox2: All versions

RT ToolBox3: All versions

SLMP Data Collector: All versions

CPE2.3 External links

http://jvn.jp/vu/JVNVU92330101/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###