QID 590538

Date Published: 2021-09-22

QID 590538: Mitsubishi Electric FA engineering software products (Update B) Multiple Vulnerabilities (ICSA-21-049-02)

AFFECTED PRODUCTS
Mitsubishi Electric reports these vulnerabilities affect the following FA engineering software products that communicate with MELSEC, FREQROL, or GOT products:
CPU Module Logging Configuration Tool, Versions 1.112R and prior
CW Configurator, Versions 1.011M and prior
Data Transfer, Versions 3.44W and prior
FR Configurator2, versions 1.24A and prior
GT Designer3 Version1(GOT1000), Versions 1.250L and prior
GT Designer3 Version1(GOT2000), Versions 1.250L and prior
GT SoftGOT1000 Version3, Versions 3.245F and prior
GT SoftGOT2000 Version1, Versions 1.250L and prior
GX LogViewer, Versions 1.115U and prior
iQ Monozukuri ANDON (Data Transfer), all versions
iQ Monozukuri Process Remote Monitoring (Data Transfer), all versions
PX Developer, versions 1.53F and prior
RT ToolBox3, versions 1.82L and prior
C Controller module setting and monitoring tool, all versions
EZSocket, all versions
FR Configurator SW3, all versions
FR Configurator, all versions
GX Configurator-DP, Versions 7.14Q and prior
GX Configurator-QP, all versions
GX Developer, Versions 8.506C and prior
MELSOFT Navigator, Versions 2.74C and prior
GX Explorer, all versions
GX IEC Developer, all versions
GX RemoteService-I, all versions
GX Works2, Versions 1.597X and prior
GX Works3, Versions 1.070Y and prior
M_CommDTM-HART, all versions
M_CommDTM-IO-Link, all versions
MELFA-Works, all versions
MELSEC WinCPU Setting Utility, all versions
MELSOFT EM Software Development Kit (EM Configurator), all versions
MH11 SettingTool Version2, all versions
MI Configurator, all versions
MT Works2, all versions
MX Component, all versions
Network Interface Board CC IE Control utility, all versions
Network Interface Board CC IE Field Utility, all versions
Network Interface Board CC-Link Ver.2 Utility, all versions
Network Interface Board MNETH utility, all versions
RT ToolBox2, all versions
Setting/monitoring tools for the C Controller module, all versions
SLMP Data Collector, all versions

QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys

Successful exploitation of these vulnerabilities may cause a denial-of-service condition.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as High - 7.5 severity.

Solution

Customers are advised to refer to CERT MITIGATIONS section ICSA-21-049-02 for affected packages and patching details.

Vendor References

ICSA-21-049-02 - www.us-cert.gov/ics/advisories/ICSA-21-049-02

CVEs related to QID 590538

CVE-2021-20588 | CVE-2021-20587 |

Software Advisories

Advisory ID	Software	Component	Link
ICSA-21-049-02			www.us-cert.gov/ics/advisories/ICSA-21-049-02

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].