Vulnerabilites related to mitsubishielectric - got2000_gt27
cve-2020-5597
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:39",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5597",
"datePublished": "2020-07-07T08:05:39",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5599
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5599",
"datePublished": "2020-07-07T08:05:40",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20590
Vulnerability from cvelistv5
Published
2021-04-22 18:54
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf | x_refsource_CONFIRM | |
| https://jvn.jp/vu/JVNVU97615777/index.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | GOT2000 series GT27 model |
Version: VNC server version 01.39.010 and prior |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27 model",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.39.010 and prior"
}
]
},
{
"product": "GOT2000 series GT25 model",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.39.010 and prior"
}
]
},
{
"product": "GOT2000 series GT21 model GT2107-WTBD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT2000 series GT21 model GT2107-WTSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T17:51:58",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27 model",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.39.010 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT25 model",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.39.010 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT21 model GT2107-WTBD",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT21 model GT2107-WTSD",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
"refsource": "CONFIRM",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97615777/index.html",
"refsource": "CONFIRM",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20590",
"datePublished": "2021-04-22T18:54:28",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40266
Vulnerability from cvelistv5
Published
2022-11-24 08:20
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric | GOT2000 Series GT27 model |
Version: FTP server versions 01.39.000 and prior |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 Series GT27 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT25 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT23 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T08:20:14.606Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-40266",
"datePublished": "2022-11-24T08:20:14.606Z",
"dateReserved": "2022-09-08T19:40:16.931Z",
"dateUpdated": "2024-08-03T12:14:39.945Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5598
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5598",
"datePublished": "2020-07-07T08:05:40",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20592
Vulnerability from cvelistv5
Published
2021-08-05 20:46
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU92414172/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000 |
Version: communication driver versions 01.19.000 through 01.39.010 Version: versions 1.170C through 1.256S |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "communication driver versions 01.19.000 through 01.39.010"
},
{
"status": "affected",
"version": "versions 1.170C through 1.256S"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing synchronization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T19:06:33",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
"version": {
"version_data": [
{
"version_value": "communication driver versions 01.19.000 through 01.39.010"
},
{
"version_value": "communication driver versions 01.19.000 through 01.39.010"
},
{
"version_value": "communication driver versions 01.19.000 through 01.39.010"
},
{
"version_value": "versions 1.170C through 1.256S"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing synchronization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92414172/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20592",
"datePublished": "2021-08-05T20:46:50",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5595
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5595",
"datePublished": "2020-07-07T08:05:39",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5596
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:39",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5596",
"datePublished": "2020-07-07T08:05:39",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5600
Vulnerability from cvelistv5
Published
2020-07-07 08:05
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU95413676/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | GOT2000 series GT27, GT25, and GT23 |
Version: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27, GT25, and GT23",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T08:05:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27, GT25, and GT23",
"version": {
"version_data": [
{
"version_value": "CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95413676/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5600",
"datePublished": "2020-07-07T08:05:41",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de desbordamiento del b\u00fafer, que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5595",
"lastModified": "2024-11-21T05:34:20.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.057",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con la versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una neutralizaci\u00f3n inapropiada de los delimitadores de argumentos en una vulnerabilidad de comando (\"Argument Injection\"), que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5599",
"lastModified": "2024-11-21T05:34:20.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.370",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-24 09:15
Modified
2024-11-21 07:21
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU95633416 | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU95633416 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91ACCF31-669A-4678-98DD-03B8E2E4A434",
"versionEndIncluding": "01.39.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C7EF57-5EF6-46A6-BB78-5FACC88F8425",
"versionEndIncluding": "01.39.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF0C5C9-AF4E-4E31-8B41-06FBC0A7FEC5",
"versionEndIncluding": "01.39.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT27 versiones 01.39.000 y anteriores, el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT25 versiones 01.39.000 y anteriores y el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT23 versiones 01.39.000 y anteriores lo permite un atacante remoto autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de un comando especialmente manipulado."
}
],
"id": "CVE-2022-40266",
"lastModified": "2024-11-21T07:21:09.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-24T09:15:09.587",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de error de administraci\u00f3n de recursos, que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5600",
"lastModified": "2024-11-21T05:34:20.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.450",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), no administra apropiadamente las sesiones, lo que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5596",
"lastModified": "2024-11-21T05:34:20.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.153",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de desreferencia del puntero null, que puede permitir a un atacante remoto detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5597",
"lastModified": "2024-11-21T05:34:20.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.230",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | coreos | * | |
| mitsubishielectric | got2000_gt23 | - | |
| mitsubishielectric | got2000_gt25 | - | |
| mitsubishielectric | got2000_gt27 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B3764-DAF9-474A-B7B9-B2EF0D75D5BE",
"versionEndIncluding": "y",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n TCP/IP incluida en el firmware de la serie Mitsubishi Electric GOT2000 (CoreOS con versi\u00f3n -Y e instalada anteriormente en los modelos GT27, GT25 y GT23), contiene una vulnerabilidad de control de acceso inapropiado, que puede permitir a un atacante remoto omitir una restricci\u00f3n de acceso y detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5598",
"lastModified": "2024-11-21T05:34:20.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T09:15:10.307",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU95413676/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:46
Severity ?
Summary
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0740E37-3A9B-4801-A13B-78074EAB8A17",
"versionEndIncluding": "1.256s",
"versionStartIncluding": "1.170c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45982806-0EFC-4BCD-92D3-86359B2E4D6D",
"versionEndIncluding": "01.39.010",
"versionStartIncluding": "01.19.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A826C36-066C-4FE2-875F-8F1A5917B3DA",
"versionEndIncluding": "01.39.010",
"versionStartIncluding": "01.19.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "728EF30F-2820-4496-870B-F3C815FF1183",
"versionEndIncluding": "01.39.010",
"versionStartIncluding": "01.19.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falta de sincronizaci\u00f3n en el controlador de comunicaci\u00f3n del modelo GT27 de la serie GOT2000 versiones 01.19.000 hasta 01.39.010, el controlador de comunicaci\u00f3n del modelo GT25 versiones 01.19.000 hasta 01.39.010 y el controlador de comunicaci\u00f3n del modelo GT23 versiones 01.19.000 hasta 01.39. 010 y GT SoftGOT2000 versiones 1.170C a 1.256S, permite a un atacante remoto no autenticado causar una condici\u00f3n de DoS en la funci\u00f3n de comunicaci\u00f3n esclava MODBUS/TCP de los productos al conectarse y desconectarse r\u00e1pida y repetidamente del puerto de comunicaci\u00f3n MODBUS/TCP en un objetivo. Es requerido un reinicio o un restablecimiento para recuperarse"
}
],
"id": "CVE-2021-20592",
"lastModified": "2024-11-21T05:46:50.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:10.467",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-662"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A5B6C7-8B78-4129-B86E-B7CF89F516C6",
"versionEndIncluding": "01.39.010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E4DB38-4E11-45AD-AD7D-83A4176AF2AC",
"versionEndIncluding": "01.39.010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADEB8E65-0B88-4E32-BF2C-0A48DBE69A29",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8D058D-DDFB-45D4-BF67-52F47CA0634C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D35B387-13E1-4A4B-85FE-1859328A2C1F",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4460D-F108-4DAE-AB65-1083C140F63C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1653C34C-63FD-4415-A3DE-31209CBBF934",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA7AF60-7B6A-4ED7-AA1B-40C5097E4EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2961DA-1947-4DC7-9A8B-05E8588BA2A6",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63EA140E-C23D-41FF-B4EF-686C2D42BD22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
},
{
"lang": "es",
"value": "Vulnerabilidad de autenticaci\u00f3n inadecuada en el servidor VNC de la serie GOT2000 modelo GT27 versiones 01.39.010 y anteriores, servidor VNC de la serie GOT2000 modelo GT25 versiones 01.39.010 y anteriores, servidor VNC de la serie GOT2000 modelo GT2107-WTBD versiones 01.40.000 y anteriores, servidor VNC de la serie GOT2000 modelo GT2107-WTSD versiones 01.40. 000 y anteriores, el servidor VNC de la serie GOT SIMPLE GS21 modelo GS2110-WTBD-N versiones 01.40.000 y anteriores y el servidor VNC de la serie GOT SIMPLE GS21 modelo GS2107-WTBD-N versiones 01.40.000 y anteriores permite a un atacante remoto no autenticado obtener acceso no autorizado a trav\u00e9s de paquetes especialmente dise\u00f1ados cuando se utiliza la funci\u00f3n \"servidor VNC\"."
}
],
"id": "CVE-2021-20590",
"lastModified": "2024-11-21T05:46:50.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T19:15:07.363",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}