CVE-2020-14523
HIGHMitsubishielectric CW Configurator < 1.010l - Path Traversal
Title source: ruleDescription
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
References (3)
Core 3
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03
Vendor Advisory x_refsource_misc
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf
Third Party Advisory x_refsource_misc
https://jvn.jp/vu/JVNVU90224831/
Scores
CVSS v3
8.3
EPSS
0.0126
EPSS Percentile
79.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (20)
mitsubishielectric/cw_configurator
< 1.010l
mitsubishielectric/fr_configurator2
< 1.22y
mitsubishielectric/gx_works2
< 1.595v
mitsubishielectric/gx_works3
< 1.063r
mitsubishielectric/iu_configuration_tool
< 1.04
mitsubishielectric/iu_developer2
< 1.08
mitsubishielectric/melsoft_iq_appportal
< 1.17t
mitsubishielectric/melsoft_navigator
< 2.70y
mitsubishielectric/mi_configurator
mitsubishielectric/mr_configurator2
< 1.110q
... and 10 more
Published
Feb 11, 2022
Tracked Since
Feb 18, 2026