Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU91424496/index.html | Third Party Advisory |
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf | Vendor Advisory |
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Information
Published : 2020-06-23 01:15
Updated : 2020-07-01 12:09
NVD link : CVE-2020-5594
Mitre link : CVE-2020-5594
JSON object : View
CWE
CWE-319
Cleartext Transmission of Sensitive Information
Products Affected
mitsubishielectric
- melsec-l
- melsec-fx
- melsec_iq-f_firmware
- melsec-q
- melsec-fx_firmware
- melsec_iq-f
- melsec-l_firmware
- melsec-q_firmware
- melsec_iq-r
- melsec_iq-r_firmware