CVE-2020-5594

Published: Jun 23, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.

Affected (5)

Products: Mitsubishielectric: Melsec Iq R Firmware, Melsec Iq F Firmware, Melsec Q Firmware, Melsec L Firmware, Melsec Fx Firmware

5 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq F Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq F	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec L Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec L	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Fx Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Fx	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (6)

https://jvn.jp/en/vu/JVNVU91424496/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/vu/JVNVU91424496/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.