CVE-2020-14523

Mitsubishi Electric Factory Automation Products Path Traversal

CVSS 8.3 HIGHEPSS 2.2%CWE-22

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Productos afectados

Mitsubishi Electric · CW Configurator Mitsubishi Electric · FR Configurator2 Mitsubishi Electric · GX Works2 Mitsubishi Electric · GX Works3 Mitsubishi Electric · MELSEC iQ-R Series Motion Module Mitsubishi Electric · MELSOFT iQ AppPortal Mitsubishi Electric · MELSOFT Navigator Mitsubishi Electric · MI Configurator Mitsubishi Electric · MR Configurator2 Mitsubishi Electric · MT Works2 Mitsubishi Electric · MX Component Mitsubishi Electric · RT ToolBox3

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jvn.jp/vu/JVNVU90224831/https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-008_en.pdf