Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RVD#3320: XML External Entity (XXE) attacks via unspecified vectors on Mitsubishi products #3320

Open
rvd-bot opened this issue Jul 4, 2020 · 0 comments
Open

RVD#3320: XML External Entity (XXE) attacks via unspecified vectors on Mitsubishi products #3320

rvd-bot opened this issue Jul 4, 2020 · 0 comments
Labels
triage Needs triage vendor: Mitsubishi Electric vulnerability

Comments

@rvd-bot
Copy link
Contributor

rvd-bot commented Jul 4, 2020
edited by vmayoral
Loading 

id: 3320
title: 'RVD#3320: XML External Entity (XXE) attacks via unspecified vectors on Mitsubishi products'
type: vulnerability
description: Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration
  Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software
  Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000)
  Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L
  and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link
  Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed
  I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator
  Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator
  Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control
  Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2
  Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver.
  1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks
  via unspecified vectors.
cwe: None
cve: CVE-2020-5602
keywords: ''
system: ''
vendor: "Mitsubishi"
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0.0
  cvss-vector: CVSS:3.0/NONE
links:
- https://jvn.jp/en/vu/JVNVU90307594/index.html
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-004_en.pdf
- https://nvd.nist.gov/vuln/detail/CVE-2020-5602
- https://vulners.com/cve/CVE-2020-5602
- https://github.com/aliasrobotics/RVD/issues/3320
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2020-06-30'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2020-07-01'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/3320
  reproducibility: ''
  trace: ''
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''
@rvd-bot rvd-bot changed the title Mitsubishi Electoric FA Engineering Software (CPU Module Logging RVD#3320: Mitsubishi Electoric FA Engineering Software (CPU Module Logging Jul 4, 2020
@vmayoral vmayoral changed the title RVD#3320: Mitsubishi Electoric FA Engineering Software (CPU Module Logging RVD#3320: XML External Entity (XXE) attacks via unspecified vectors on Mitsubishi products Jul 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage Needs triage vendor: Mitsubishi Electric vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vmayoral @rvd-bot