Vulnerabilities > CVE-2021-20588 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitsubishielectric products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mitsubishielectric

CWE-119

critical

NVD

Published: 2021-02-19

Updated: 2023-10-18

Summary

Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Vulnerable Configurations

Part	Description	Count
Application	Mitsubishielectric Mitsubishielectric Melfa Works - Mitsubishielectric Melfa Works 4.4 Mitsubishielectric RT Toolbox2 - Mitsubishielectric RT Toolbox2 3.73B Mitsubishielectric Ezsocket * Mitsubishielectric FR Configurator * Mitsubishielectric FR Configurator SW3 * Mitsubishielectric GX Configurator DP - Mitsubishielectric GX Configurator DP 7.14Q Mitsubishielectric GX Configurator QP * Mitsubishielectric GX Explorer * Mitsubishielectric GX IEC Developer * Mitsubishielectric GX Works2 - Mitsubishielectric GX Works2 1.590Q Mitsubishielectric GX Works2 1.595V Mitsubishielectric GX Works2 1.597X Mitsubishielectric GX Works3 - Mitsubishielectric GX Works3 1.060N Mitsubishielectric GX Works3 1.063R Mitsubishielectric GX Works3 1.065T Mitsubishielectric GX Works3 1.070Y Mitsubishielectric M Commdtm Hart * Mitsubishielectric M Commdtm IO Link * Mitsubishielectric Melsec Wincpu Setting Utility * Mitsubishielectric Melsoft EM Software Development KIT * Mitsubishielectric MI Configurator * Mitsubishielectric Network Interface Board CC IE Control Utility * Mitsubishielectric Network Interface Board CC IE Field Utility * Mitsubishielectric Network Interface Board Mneth Utility * Mitsubishielectric Setting/Monitoring Tools FOR THE C Controller Module * Mitsubishielectric C Controller Module Setting AND Monitoring Tool * Mitsubishielectric GX Remoteservice I * Mitsubishielectric Network Interface Board CC Link * Mitsubishielectric Melsoft Navigator - Mitsubishielectric Melsoft Navigator 2.62Q Mitsubishielectric Melsoft Navigator 2.70Y Mitsubishielectric Melsoft Navigator 2.74C Mitsubishielectric MT Works2 - Mitsubishielectric MT Works2 1.156N Mitsubishielectric MT Works2 1.160S Mitsubishielectric MT Works2 1.167Z Mitsubishielectric PX Developer - Mitsubishielectric RT Toolbox3 - Mitsubishielectric RT Toolbox3 1.60N Mitsubishielectric RT Toolbox3 1.70Y Mitsubishielectric RT Toolbox3 1.80J Mitsubishielectric RT Toolbox3 1.82L Mitsubishielectric Slmp Data Collector - Mitsubishielectric MX Component - Mitsubishielectric MX Component 4.20W Mitsubishielectric Mh11 Settingtool Version2 - Mitsubishielectric Mh11 Settingtool Version2 2.003D Mitsubishielectric IQ Monozukuri Andon - Mitsubishielectric IQ Monozukuri Process Remote Monitoring - Mitsubishielectric GX Logviewer - Mitsubishielectric GX Logviewer 1.100E Mitsubishielectric GX Logviewer 1.106K Mitsubishielectric GX Developer - Mitsubishielectric GX Developer 8.504A Mitsubishielectric GT Softgot2000 - Mitsubishielectric GT Softgot2000 1.0 Mitsubishielectric GT Softgot2000 1.170C Mitsubishielectric GT Softgot2000 1.235V Mitsubishielectric GT Softgot2000 1.236W Mitsubishielectric GT Softgot2000 1.241B Mitsubishielectric GT Softgot1000 - Mitsubishielectric GT Softgot1000 3.0 Mitsubishielectric GT Softgot1000 3.200J Mitsubishielectric FR Configurator2 - Mitsubishielectric FR Configurator2 1.22Y Mitsubishielectric FR Configurator2 1.23Z Mitsubishielectric Data Transfer - Mitsubishielectric Data Transfer 3.40S Mitsubishielectric Data Transfer 3.41T Mitsubishielectric Data Transfer 3.42U Mitsubishielectric CW Configurator - Mitsubishielectric CW Configurator 1.010L Mitsubishielectric CPU Module Logging Configuration Tool - Mitsubishielectric CPU Module Logging Configuration Tool 1.94Y Mitsubishielectric CPU Module Logging Configuration Tool 1.100E Mitsubishielectric CPU Module Logging Configuration Tool 1.106K Mitsubishielectric GT Designer3 - Mitsubishielectric GT Designer3 1.221F Mitsubishielectric GT Designer3 1.235V Mitsubishielectric GT Designer3 1.236W	85

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References