CVE-2020-5594

9.8 CRITICAL

📋 TL;DR

CVE-2020-5594 is a cleartext-transmission vulnerability: Mitsubishi Electric PLC CPU modules exchange sensitive information with the engineering software (GX Works2/3) in cleartext. This allows attackers on the same network to intercept credentials, configuration data, and control commands. All users of affected Mitsubishi Electric MELSEC PLC series are impacted.

💻 Affected Systems

Products:
  • Mitsubishi Electric MELSEC iQ-R series CPU modules
  • Mitsubishi Electric MELSEC iQ-F series CPU modules
  • Mitsubishi Electric MELSEC Q series CPU modules
  • Mitsubishi Electric MELSEC L series CPU modules
  • Mitsubishi Electric MELSEC FX series CPU modules
Versions: All versions
Operating Systems: Not applicable - PLC firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in communication between CPU modules and GX Works2/GX Works3 engineering software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of industrial control systems allowing attackers to intercept credentials, modify PLC logic, disrupt operations, or cause physical damage to equipment.

🟠 Likely Case

Unauthorized access to sensitive configuration data, program logic theft, and potential manipulation of industrial processes.

🟢 If Mitigated

Limited to network reconnaissance and information gathering if proper network segmentation and encryption are implemented.

🌐 Internet-Facing: MEDIUM - While typically not internet-facing, exposed OT networks or misconfigurations could expose these systems.
🏢 Internal Only: HIGH - Most industrial control systems operate on internal networks where this vulnerability is easily exploitable.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the communication channel between PLC and engineering workstation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GX Works3 Version 1.095R or later, GX Works2 Version 1.611R or later

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf

Restart Required: Yes

Instructions:

1. Update GX Works3 to Version 1.095R or later.
2. Update GX Works2 to Version 1.611R or later.
3. Restart engineering workstations.
4. Verify communication uses encrypted channels.

🔧 Temporary Workarounds

Network Segmentation

Isolate PLC networks from other networks using firewalls and VLANs

Encrypted VPN Tunnel

Establish encrypted VPN tunnels between engineering stations and PLCs

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PLC communication channels
  • Use encrypted communication protocols or VPNs for all PLC engineering access

🔍 How to Verify

Check if Vulnerable:

Check whether affected Mitsubishi PLCs are in use with GX Works2/3 versions below the patched versions

Check Version:

In GX Works: Help → About GX Works

Verify Fix Applied:

Verify GX Works3 is Version 1.095R or later and GX Works2 is Version 1.611R or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual network traffic patterns between engineering stations and PLCs
  • Multiple failed connection attempts to PLC ports

Network Indicators:

  • Cleartext traffic on PLC communication ports (typically 5006/UDP, 5007/TCP)
  • Unencrypted MELSEC protocol traffic

SIEM Query:

source_ip IN (engineering_stations) AND dest_ip IN (plc_ips) AND protocol IN (tcp, udp) AND dest_port IN (5006, 5007) AND NOT encrypted=true
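
The query above, worked through as an added example over exported flow records (this is not vendor code or part of the original page). The addresses, the CSV layout and the `encrypted` enrichment column are assumptions; the ports are the ones listed under Network Indicators. It also reports non-engineering hosts reaching PLC ports, which indicates a segmentation gap.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# PLC communication ports named on this page, as (protocol, port) pairs.
PLC_PORTS = {("udp", 5006), ("tcp", 5007)}

# Assumed site inventory; addresses are constructed (RFC 5737 ranges).
ENGINEERING_STATIONS = [ip_network("192.0.2.10/32"), ip_network("192.0.2.11/32")]
PLC_NETWORKS = [ip_network("198.51.100.0/28")]

# Constructed flow export. The "encrypted" column is an assumed enrichment
# (for example, set when the flow was observed inside a VPN tunnel).
SAMPLE_FLOWS = """\
src_ip,dst_ip,proto,dst_port,encrypted
192.0.2.10,198.51.100.2,tcp,5007,false
192.0.2.11,198.51.100.3,udp,5006,true
192.0.2.77,198.51.100.2,tcp,5007,false
192.0.2.10,198.51.100.2,tcp,443,false
192.0.2.10,203.0.113.9,tcp,5007,false
192.0.2.10,198.51.100.2,udp,5007,false
"""

def _in_any(addr, networks):
    ip = ip_address(addr)
    return any(ip in net for net in networks)

def classify(flow):
    """Return a finding label for one flow record, or None if out of scope."""
    if not _in_any(flow["dst_ip"], PLC_NETWORKS):
        return None
    if (flow["proto"].lower(), int(flow["dst_port"])) not in PLC_PORTS:
        return None
    if not _in_any(flow["src_ip"], ENGINEERING_STATIONS):
        return "unexpected-source"      # non-engineering host reaches a PLC port
    if flow["encrypted"].strip().lower() != "true":
        return "cleartext-engineering"  # the condition in the page's SIEM query
    return None

def scan(csv_text):
    """Return (src, dst, label) for every flow that produces a finding."""
    findings = []
    for flow in csv.DictReader(io.StringIO(csv_text)):
        label = classify(flow)
        if label:
            findings.append((flow["src_ip"], flow["dst_ip"], label))
    return findings

if __name__ == "__main__":
    for src, dst, label in scan(SAMPLE_FLOWS):
        print(f"{label}: {src} -> {dst}")
```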
