#VU32955 Permissions, Privileges, and Access Controls in Mitsubishi Electric products - CVE-2020-14496

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU32955

#VU32955 Permissions, Privileges, and Access Controls in Mitsubishi Electric products - CVE-2020-14496

Published: July 31, 2020


Vulnerability identifier: #VU32955
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-14496
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
CPU Module Logging Configuration Tool
CW Configurator
Mitsubishi Electric FR Configurator2
GT Designer3
GX LogViewer
GX Works2
GX Works3
M_CommDTM-HART
M_CommDTM-IO-Link
MELFA-Works
MELSOFT FieldDeviceConfigurator
MELSOFT Navigator
MI Configurator
MR Configurator2
MT Works2
RT ToolBox2
RT ToolBox3
Data Transfer
EZSocket
MH11 SettingTool Version2
Setting/monitoring tools for the C Controller module
GT SoftGOT1000 Version3
GT SoftGOT2000 Version1
MELSEC WinCPU Setting Utility
MELSOFT EM Software Development Kit
Motorizer
PX Developer
MX Component
Network Interface Board CC IE Control utility
Network Interface Board CC IE Field Utility
Network Interface Board CC-Link Ver.2 Utility
Network Interface Board MNETH utility
Software vendor:
Mitsubishi Electric

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


Remediation

Install updates from vendor's website.

External links