Vulnerabilites related to mitsubishielectric - coreos
cve-2020-5648
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | x_refsource_MISC | |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU99562395/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GT14 Model of GOT 1000 series |
Version: (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT14 Model of GOT 1000 series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:10:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT14 Model of GOT 1000 series",
"version": {
"version_data": [
{
"version_value": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU99562395/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5648",
"datePublished": "2020-11-06T02:06:30",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5597
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:39",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5597",
"datePublished": "2020-07-07T08:05:39",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5598
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5598",
"datePublished": "2020-07-07T08:05:40",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5644
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | x_refsource_MISC | |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU99562395/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GT14 Model of GOT 1000 series |
Version: (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT14 Model of GOT 1000 series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:12:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT14 Model of GOT 1000 series",
"version": {
"version_data": [
{
"version_value": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU99562395/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5644",
"datePublished": "2020-11-06T02:06:27",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5647
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | x_refsource_MISC | |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU99562395/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GT14 Model of GOT 1000 series |
Version: (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT14 Model of GOT 1000 series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T02:06:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT14 Model of GOT 1000 series",
"version": {
"version_data": [
{
"version_value": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU99562395/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5647",
"datePublished": "2020-11-06T02:06:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5600
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5600",
"datePublished": "2020-07-07T08:05:41",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5599
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5599",
"datePublished": "2020-07-07T08:05:40",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5645
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | x_refsource_MISC | |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU99562395/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GT14 Model of GOT 1000 series |
Version: (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT14 Model of GOT 1000 series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:14:37",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT14 Model of GOT 1000 series",
"version": {
"version_data": [
{
"version_value": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU99562395/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5645",
"datePublished": "2020-11-06T02:06:27",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5596
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:39",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5596",
"datePublished": "2020-07-07T08:05:39",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5646
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | x_refsource_MISC | |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU99562395/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GT14 Model of GOT 1000 series |
Version: (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT14 Model of GOT 1000 series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T14:54:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT14 Model of GOT 1000 series",
"version": {
"version_data": [
{
"version_value": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU99562395/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5646",
"datePublished": "2020-11-06T02:06:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5649
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | x_refsource_MISC | |
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | x_refsource_MISC | |
| https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU99562395/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GT14 Model of GOT 1000 series |
Version: (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT14 Model of GOT 1000 series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T14:40:46",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT14 Model of GOT 1000 series",
"version": {
"version_data": [
{
"version_value": "(GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU99562395/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5649",
"datePublished": "2020-11-06T02:06:31",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5595
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5595",
"datePublished": "2020-07-07T08:05:39",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | gt1450-qlbde | - | |
| mitsubishielectric | gt1450-qmbde | - | |
| mitsubishielectric | gt1450hs-qmbde | - | |
| mitsubishielectric | gt1455-qtbde | - | |
| mitsubishielectric | gt1455hs-qtbde | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
"versionEndIncluding": "05.65.00.bd",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de acceso inapropiado en la funci\u00f3n TCP/IP incluida en el firmware del modelo GT14 de la serie GOT 1000 (GT1455-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores , GT1450-QLBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1455HS-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, y GT1450HS-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores), permite a un atacante no autenticado remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5647",
"lastModified": "2024-11-21T05:34:25.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.557",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de error de administraci\u00f3n de recursos, que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5600",
"lastModified": "2024-11-21T05:34:20.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.450",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | gt1450-qlbde | - | |
| mitsubishielectric | gt1450-qmbde | - | |
| mitsubishielectric | gt1450hs-qmbde | - | |
| mitsubishielectric | gt1455-qtbde | - | |
| mitsubishielectric | gt1455hs-qtbde | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
"versionEndIncluding": "05.65.00.bd",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n TCP/IP incluida en el firmware del modelo GT14 de la serie GOT 1000 (GT1455-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QLBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1455HS-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, y GT1450HS-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores), permite a un atacante no autenticado remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5644",
"lastModified": "2024-11-21T05:34:24.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.307",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de desreferencia del puntero null, que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5597",
"lastModified": "2024-11-21T05:34:20.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.230",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), no administra apropiadamente las sesiones, lo que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5596",
"lastModified": "2024-11-21T05:34:20.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.153",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de desbordamiento del b\u00fafer, que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5595",
"lastModified": "2024-11-21T05:34:20.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.057",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | gt1450-qlbde | - | |
| mitsubishielectric | gt1450-qmbde | - | |
| mitsubishielectric | gt1450hs-qmbde | - | |
| mitsubishielectric | gt1455-qtbde | - | |
| mitsubishielectric | gt1455hs-qtbde | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
"versionEndIncluding": "05.65.00.bd",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de error en la administraci\u00f3n de recursos en la funci\u00f3n TCP/IP incluida en el firmware del modelo GT14 de la serie GOT 1000 (GT1455-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores , GT1450-QLBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1455HS-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, y GT1450HS-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores), permite a un atacante no autenticado remoto detener las funciones de red de los productos por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5649",
"lastModified": "2024-11-21T05:34:25.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.697",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con la versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una neutralizaci\u00f3n inapropiada de los delimitadores de argumentos en una vulnerabilidad de comando (\"Argument Injection\"), que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5599",
"lastModified": "2024-11-21T05:34:20.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.370",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | gt1450-qlbde | - | |
| mitsubishielectric | gt1450-qmbde | - | |
| mitsubishielectric | gt1450hs-qmbde | - | |
| mitsubishielectric | gt1455-qtbde | - | |
| mitsubishielectric | gt1455hs-qtbde | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
"versionEndIncluding": "05.65.00.bd",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inapropiada de delimitadores de argumentos en un comando (\"Argument Injection\") en la funci\u00f3n TCP/IP incluida en el firmware del modelo GT14 de la serie GOT 1000 (GT1455-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QLBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1455HS-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, y GT1450HS-QMBDE CoreOS versi\u00f3n \u002705 .65 .00.BD\u0027 y anteriores), permite a atacantes no autenticados en la red adyacente detener las funciones de red de los productos por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5648",
"lastModified": "2024-11-21T05:34:25.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.620",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de control de acceso inapropiado, que puede permitir a un atacante remoto omitir una restricci\u00f3n de acceso y detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5598",
"lastModified": "2024-11-21T05:34:20.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.307",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | gt1450-qlbde | - | |
| mitsubishielectric | gt1450-qmbde | - | |
| mitsubishielectric | gt1450hs-qmbde | - | |
| mitsubishielectric | gt1455-qtbde | - | |
| mitsubishielectric | gt1455hs-qtbde | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
"versionEndIncluding": "05.65.00.bd",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la funci\u00f3n TCP/IP incluida en el firmware del modelo GT14 de la serie GOT 1000 (GT1455-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QLBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1455HS-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, y GT1450HS-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores), permite a un atacante no autenticado remoto detener las funciones de red de los productos por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5645",
"lastModified": "2024-11-21T05:34:24.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.400",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU99562395/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | gt1450-qlbde | - | |
| mitsubishielectric | gt1450-qmbde | - | |
| mitsubishielectric | gt1450hs-qmbde | - | |
| mitsubishielectric | gt1455-qtbde | - | |
| mitsubishielectric | gt1455hs-qtbde | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
"versionEndIncluding": "05.65.00.bd",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia del puntero NULL en la funci\u00f3n TCP/IP incluida en el firmware del modelo GT14 de la serie GOT 1000 (GT1455-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1450-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores , GT1450-QLBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, GT1455HS-QTBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores, y GT1450HS-QMBDE CoreOS versi\u00f3n \u002705 .65.00.BD\u0027 y anteriores), permite a un atacante no autenticado remoto detener las funciones de red de los productos por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5646",
"lastModified": "2024-11-21T05:34:25.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.480",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU99562395/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202007-1227
Vulnerability from variot
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5599",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5599",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5599",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46799",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-309",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5599",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46799",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"id": "VAR-202007-1227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
]
},
"last_update_date": "2024-11-23T22:05:45.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Injection vulnerabilities in many Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231121"
},
{
"title": "Multiple Mitsubishi Electric Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124078"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.8
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"date": "2020-07-07T09:15:10.370000",
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"date": "2024-11-21T05:34:20.397000",
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
],
"trust": 0.6
}
}
var-202007-1226
Vulnerability from variot
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5598",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46800",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5598",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5598",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-307",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-5598",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5598",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46800",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5598",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"id": "VAR-202007-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
}
]
},
"last_update_date": "2024-11-23T22:05:45.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Access control error vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231115"
},
{
"title": "Multiple Mitsubishi Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124076"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5598"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"date": "2020-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"date": "2020-07-07T09:15:10.307000",
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"date": "2024-11-21T05:34:20.297000",
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
],
"trust": 0.6
}
}
var-202007-1228
Vulnerability from variot
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5600",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5600",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46798",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-308",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5600",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46798",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"id": "VAR-202007-1228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
]
},
"last_update_date": "2024-11-23T22:05:45.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Resource management errors and vulnerabilities in multiple Mitsubishi Electric products (CNVD-2020-46798)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231124"
},
{
"title": "Multiple Mitsubishi Electric Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"date": "2020-07-07T09:15:10.450000",
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"date": "2024-11-21T05:34:20.490000",
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
],
"trust": 0.6
}
}
var-202007-1224
Vulnerability from variot
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5596",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38410",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5596",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-38410",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-305",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5596",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-38410",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"id": "VAR-202007-1224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
]
},
"last_update_date": "2024-11-23T22:05:45.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Multiple Mitsubishi Electric product authorization issues and vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248851"
},
{
"title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.8
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"date": "2020-07-07T09:15:10.153000",
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"date": "2024-11-21T05:34:20.100000",
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
],
"trust": 0.6
}
}
var-202007-1225
Vulnerability from variot
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5597",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46801",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5597",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5597",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46801",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-306",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5597",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46801",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"id": "VAR-202007-1225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
]
},
"last_update_date": "2024-11-23T22:05:45.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Null pointer reference vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231106"
},
{
"title": "Multiple Mitsubishi Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123231"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5597"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"date": "2020-07-07T09:15:10.230000",
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"date": "2024-11-21T05:34:20.197000",
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
],
"trust": 0.6
}
}
var-202007-1223
Vulnerability from variot
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.
CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5595",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38411",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5595",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5595",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-38411",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-304",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5595"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5595",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-38411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"id": "VAR-202007-1223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
]
},
"last_update_date": "2024-11-23T22:05:45.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Buffer overflow vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248901"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5595"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"date": "2020-07-07T09:15:10.057000",
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"date": "2024-11-21T05:34:20",
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
}
],
"trust": 0.6
}
}