Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Melsoft_navigator | Mitsubishielectric | * | * |
Gx_works3 | Mitsubishielectric | * | * |
Melsoft_iq_appportal | Mitsubishielectric | * | * |
Motion_control_setting | Mitsubishielectric | * | * |