#VU32954 Path traversal in Mitsubishi Electric Universal components / Libraries


Published: 2020-07-31

Vulnerability identifier: #VU32954

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14523

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CW Configurator
Client/Desktop applications / Software for system administration
Mitsubishi Electric FR Configurator2
Client/Desktop applications / Software for system administration
GX Works2
Client/Desktop applications / Software for system administration
GX Works3
Client/Desktop applications / Software for system administration
MELSOFT iQ AppPortal
Client/Desktop applications / Software for system administration
MELSOFT Navigator
Client/Desktop applications / Software for system administration
MI Configurator
Client/Desktop applications / Software for system administration
MR Configurator2
Client/Desktop applications / Software for system administration
MT Works2
Client/Desktop applications / Software for system administration
RT ToolBox3
Client/Desktop applications / Software for system administration
MELSEC iQ-R series
Hardware solutions / Routers & switches, VoIP, GSM, etc
MX Component
Universal components / Libraries / Libraries used by multiple products

Vendor: Mitsubishi Electric

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.

Mitigation
Install update from vendor's website.

Vulnerable software versions

CW Configurator: 1.010L

Mitsubishi Electric FR Configurator2: 1.22Y

GX Works2: 1.595V

GX Works3: 1.063R

MELSEC iQ-R series: All versions

MELSOFT iQ AppPortal: All versions

MELSOFT Navigator: All versions

MI Configurator: All versions

MR Configurator2: All versions

MT Works2: 1.156N

MX Component: All versions

RT ToolBox3: 1.70Y

External links
http://ics-cert.us-cert.gov/advisories/icsa-20-212-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Path traversal in Mitsubishi Electric Factory Automation Products