Vulnerabilites related to Mitsubishi Electric - GOT2000 Series GT25 model
cve-2022-40266
Vulnerability from cvelistv5
Published
2022-11-24 08:20
Modified
2024-08-03 12:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
References
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
https://jvn.jp/vu/JVNVU95633416
Impacted products
Vendor Product Version
Mitsubishi Electric GOT2000 Series GT27 model Version: FTP server versions 01.39.000 and prior
 Create a notification for this product.
   Mitsubishi Electric GOT2000 Series GT25 model Version: FTP server versions 01.39.000 and prior
 Create a notification for this product.
   Mitsubishi Electric GOT2000 Series GT23 model Version: FTP server versions 01.39.000 and prior
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:39.945Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU95633416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GOT2000 Series GT27 model",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "FTP server versions 01.39.000 and prior"
            }
          ]
        },
        {
          "product": "GOT2000 Series GT25 model",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "FTP server versions 01.39.000 and prior"
            }
          ]
        },
        {
          "product": "GOT2000 Series GT23 model",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "FTP server versions 01.39.000 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-24T08:20:14.606Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
        },
        {
          "url": "https://jvn.jp/vu/JVNVU95633416"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-40266",
    "datePublished": "2022-11-24T08:20:14.606Z",
    "dateReserved": "2022-09-08T19:40:16.931Z",
    "dateUpdated": "2024-08-03T12:14:39.945Z",
    "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}