CVE-2020-14496 HIGH

CVE-2020-14496: Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues

Vendor Mitsubishi Electric
Product CPU Module Logging Configuration Tool
Weakness CWE-275
Published May 19, 2022
Last update April 16, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

Key dates

02Disclosure timeline

May 19, 2022 CVE published
April 16, 2025 Record updated