CVE-2020-5594

CRITICAL

Mitsubishi Electric - Info Disclosure

Title source: llm

Description

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf

Vendor Advisory x_refsource_misc

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf

Third Party Advisory x_refsource_misc

https://jvn.jp/en/vu/JVNVU91424496/index.html

Scores

CVSS v3 9.8

EPSS 0.0033

EPSS Percentile 56.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (5)

mitsubishielectric/melsec-fx_firmware

mitsubishielectric/melsec-l_firmware

mitsubishielectric/melsec-q_firmware

mitsubishielectric/melsec_iq-f_firmware

mitsubishielectric/melsec_iq-r_firmware

Published Jun 23, 2020

Tracked Since Feb 18, 2026