Vulnerabilites related to mitsubishielectric - got2000_gt27_firmware
cve-2021-20590
Vulnerability from cvelistv5
Published
2021-04-22 18:54
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf | x_refsource_CONFIRM | |
| https://jvn.jp/vu/JVNVU97615777/index.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | GOT2000 series GT27 model |
Version: VNC server version 01.39.010 and prior |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27 model",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.39.010 and prior"
}
]
},
{
"product": "GOT2000 series GT25 model",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.39.010 and prior"
}
]
},
{
"product": "GOT2000 series GT21 model GT2107-WTBD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT2000 series GT21 model GT2107-WTSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T17:51:58",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27 model",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.39.010 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT25 model",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.39.010 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT21 model GT2107-WTBD",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT21 model GT2107-WTSD",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
"refsource": "CONFIRM",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97615777/index.html",
"refsource": "CONFIRM",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20590",
"datePublished": "2021-04-22T18:54:28",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40266
Vulnerability from cvelistv5
Published
2022-11-24 08:20
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric | GOT2000 Series GT27 model |
Version: FTP server versions 01.39.000 and prior |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 Series GT27 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT25 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT23 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T08:20:14.606Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-40266",
"datePublished": "2022-11-24T08:20:14.606Z",
"dateReserved": "2022-09-08T19:40:16.931Z",
"dateUpdated": "2024-08-03T12:14:39.945Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20592
Vulnerability from cvelistv5
Published
2021-08-05 20:46
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU92414172/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000 |
Version: communication driver versions 01.19.000 through 01.39.010 Version: versions 1.170C through 1.256S |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "communication driver versions 01.19.000 through 01.39.010"
},
{
"status": "affected",
"version": "versions 1.170C through 1.256S"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing synchronization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T19:06:33",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
"version": {
"version_data": [
{
"version_value": "communication driver versions 01.19.000 through 01.39.010"
},
{
"version_value": "communication driver versions 01.19.000 through 01.39.010"
},
{
"version_value": "communication driver versions 01.19.000 through 01.39.010"
},
{
"version_value": "versions 1.170C through 1.256S"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing synchronization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92414172/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20592",
"datePublished": "2021-08-05T20:46:50",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:46
Severity ?
Summary
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:gt_softgot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0740E37-3A9B-4801-A13B-78074EAB8A17",
"versionEndIncluding": "1.256s",
"versionStartIncluding": "1.170c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45982806-0EFC-4BCD-92D3-86359B2E4D6D",
"versionEndIncluding": "01.39.010",
"versionStartIncluding": "01.19.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A826C36-066C-4FE2-875F-8F1A5917B3DA",
"versionEndIncluding": "01.39.010",
"versionStartIncluding": "01.19.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "728EF30F-2820-4496-870B-F3C815FF1183",
"versionEndIncluding": "01.39.010",
"versionStartIncluding": "01.19.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falta de sincronizaci\u00f3n en el controlador de comunicaci\u00f3n del modelo GT27 de la serie GOT2000 versiones 01.19.000 hasta 01.39.010, el controlador de comunicaci\u00f3n del modelo GT25 versiones 01.19.000 hasta 01.39.010 y el controlador de comunicaci\u00f3n del modelo GT23 versiones 01.19.000 hasta 01.39. 010 y GT SoftGOT2000 versiones 1.170C a 1.256S, permite a un atacante remoto no autenticado causar una condici\u00f3n de DoS en la funci\u00f3n de comunicaci\u00f3n esclava MODBUS/TCP de los productos al conectarse y desconectarse r\u00e1pida y repetidamente del puerto de comunicaci\u00f3n MODBUS/TCP en un objetivo. Es requerido un reinicio o un restablecimiento para recuperarse"
}
],
"id": "CVE-2021-20592",
"lastModified": "2024-11-21T05:46:50.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:10.467",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jvn.jp/vu/JVNVU92414172/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-662"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-24 09:15
Modified
2024-11-21 07:21
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU95633416 | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU95633416 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91ACCF31-669A-4678-98DD-03B8E2E4A434",
"versionEndIncluding": "01.39.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C7EF57-5EF6-46A6-BB78-5FACC88F8425",
"versionEndIncluding": "01.39.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF0C5C9-AF4E-4E31-8B41-06FBC0A7FEC5",
"versionEndIncluding": "01.39.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT27 versiones 01.39.000 y anteriores, el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT25 versiones 01.39.000 y anteriores y el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT23 versiones 01.39.000 y anteriores lo permite un atacante remoto autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de un comando especialmente manipulado."
}
],
"id": "CVE-2022-40266",
"lastModified": "2024-11-21T07:21:09.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-24T09:15:09.587",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A5B6C7-8B78-4129-B86E-B7CF89F516C6",
"versionEndIncluding": "01.39.010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E4DB38-4E11-45AD-AD7D-83A4176AF2AC",
"versionEndIncluding": "01.39.010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADEB8E65-0B88-4E32-BF2C-0A48DBE69A29",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8D058D-DDFB-45D4-BF67-52F47CA0634C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D35B387-13E1-4A4B-85FE-1859328A2C1F",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4460D-F108-4DAE-AB65-1083C140F63C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1653C34C-63FD-4415-A3DE-31209CBBF934",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA7AF60-7B6A-4ED7-AA1B-40C5097E4EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2961DA-1947-4DC7-9A8B-05E8588BA2A6",
"versionEndIncluding": "01.40.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63EA140E-C23D-41FF-B4EF-686C2D42BD22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
},
{
"lang": "es",
"value": "Vulnerabilidad de autenticaci\u00f3n inadecuada en el servidor VNC de la serie GOT2000 modelo GT27 versiones 01.39.010 y anteriores, servidor VNC de la serie GOT2000 modelo GT25 versiones 01.39.010 y anteriores, servidor VNC de la serie GOT2000 modelo GT2107-WTBD versiones 01.40.000 y anteriores, servidor VNC de la serie GOT2000 modelo GT2107-WTSD versiones 01.40. 000 y anteriores, el servidor VNC de la serie GOT SIMPLE GS21 modelo GS2110-WTBD-N versiones 01.40.000 y anteriores y el servidor VNC de la serie GOT SIMPLE GS21 modelo GS2107-WTBD-N versiones 01.40.000 y anteriores permite a un atacante remoto no autenticado obtener acceso no autorizado a trav\u00e9s de paquetes especialmente dise\u00f1ados cuando se utiliza la funci\u00f3n \"servidor VNC\"."
}
],
"id": "CVE-2021-20590",
"lastModified": "2024-11-21T05:46:50.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T19:15:07.363",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}