cvelistv5 - cve-2020-5675

cve-2020-5675

Vulnerability from cvelistv5

Published

2020-12-04 07:10

Modified

2024-08-04 08:39

Severity ?

Summary

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU99277775/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU99277775/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Mitsubishi Electric Corporation	GT21 model of GOT2000 series, GS21 model of GOT SIMPLE series, and Tension Controller LE7-40GU-L series	Version: GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:25.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GT21 model of GOT2000 series, GS21 model of GOT SIMPLE series, and Tension Controller LE7-40GU-L series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-20T11:53:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5675",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GT21 model of GOT2000 series, GS21 model of GOT SIMPLE series, and Tension Controller LE7-40GU-L series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial-of-service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
            },
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU99277775/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5675",
    "datePublished": "2020-12-04T07:10:19",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:25.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5675\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-12-04T08:15:11.207\",\"lastModified\":\"2024-11-21T05:34:27.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de lectura fuera de l\u00edmites en el modelo GT21 de la serie GOT2000 (GT2107-WTBD V01.39.000 y anteriores, GT2107-WTSD V01.39.000 y anteriores, GT2104-RTBD V01.39.000 y anteriores, GT2104-PMBD V01. 39.000 y anteriores, y GT2103-PMBD V01.39.000 y anteriores), el modelo GS21 de la serie GOT (GS2110-WTBD V01.39.000 y anteriores, GS2107-WTBD V01.39.000 y anteriores, GS2110-WTBD-N V01.39. 000 y anteriores, y GS2107-WTBD-N V01.39.000 y anteriores), y el controlador de tensi\u00f3n de la serie LE7-40GU-L (LE7-40GU-L Datos del paquete de pantalla para CC-Link IEF Basic V1.00, LE7-40GU-L Datos del paquete de pantalla para MODBUS/TCP V1.00, y LE7-40GU-L Datos del paquete de pantalla para SLMP V1.00) permite que un atacante remoto provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de un paquete especialmente dise\u00f1ado. Como resultado, puede producirse un deterioro del rendimiento de la comunicaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio (DoS) de las funciones de comunicaci\u00f3n TCP de los productos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"E6D09873-69E0-4D95-AB19-76F3D6813E07\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D8D058D-DDFB-45D4-BF67-52F47CA0634C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"ADEA875F-12E4-4420-8461-12DDB37FDF09\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6A4460D-F108-4DAE-AB65-1083C140F63C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2104-rtbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"0D439C63-58B8-415E-85D8-061DEB19520C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2104-rtbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF9900C-5F69-423B-AB1E-FF9493A4A3AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2104-pmbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"557E208B-4D4E-41DC-966F-58BCE75C2145\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2104-pmbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"321F8067-D532-43BD-A1F8-19FC7347441C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2103-pmbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"6B584764-2D96-4941-9B51-5F852A7FF5CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2103-pmbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EEF4EFE-BBEE-497D-9514-610F38757A60\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gs2110-wtbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"6C51225D-F2DF-4760-8417-D94EEBDC4977\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gs2110-wtbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"884A19AD-23C5-4633-B7CE-711F0174A2D7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gs2107-wtbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"AD034BED-C6F4-484C-89D8-F11601E0851F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gs2107-wtbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19802816-8CB9-4E36-9B9E-2532543324A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:le7-40gu-l_firmware:1.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A29BADCB-0629-4C2F-854A-A4B816145186\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:le7-40gu-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41477864-1A55-4547-936A-29D6504F0D3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"767FEC93-0260-452E-8BF6-CF06091256B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCA7AF60-7B6A-4ED7-AA1B-40C5097E4EE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.000\",\"matchCriteriaId\":\"A5464DBE-597B-4F83-B8FE-0232361F7CDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63EA140E-C23D-41FF-B4EF-686C2D42BD22\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU99277775/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU99277775/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

icsa-20-343-02

Vulnerability from csaf_cisa

Published

2020-12-08 00:00

Modified

2022-01-20 00:00

Summary

Mitsubishi Electric GOT and Tension Controller (Update B)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow malicious attackers to cause deterioration of communication performance or cause a denial-of-service condition of the TCP communication functions of the products requiring a re-boot of the device to recover.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow malicious attackers to cause deterioration of communication performance or cause a denial-of-service condition of the TCP communication functions of the products requiring a re-boot of the device to recover.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-343-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-343-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-343-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-343-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric GOT and Tension Controller (Update B)",
    "tracking": {
      "current_release_date": "2022-01-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-343-02",
      "initial_release_date": "2020-12-08T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-12-08T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller"
        },
        {
          "date": "2021-05-11T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller (Update A)"
        },
        {
          "date": "2022-01-20T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2107-WTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2107-WTBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2110-WTBD-N: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2110-WTBD-N"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2103-PMBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2103-PMBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2107-WTSD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2107-WTSD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2107-WTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2107-WTBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2107-WTBD-N: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2107-WTBD-N"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2104-PMBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2104-PMBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2104-RTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2104-RTBD"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "LE7-40GU-L Screen package data for CC-Link IEF Basic: v1.00",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "LE7-40GU-L Screen package data for CC-Link IEF Basic"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "LE7-40GU-L Screen package data for SLMP: v1.00",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "LE7-40GU-L Screen package data for SLMP"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "LE7-40GU-L Screen package data for MODBUS/TCP: v1.00",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "LE7-40GU-L Screen package data for MODBUS/TCP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2110-WTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-00012"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2110-WTBD"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5675",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is an out-of-bounds read vulnerability that may allow attackers to cause deterioration in communication performance or cause a denial-of-service condition of the TCP communication functions of the products by sending specially crafted packets.CVE-2020-5675 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5675"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric has fixed the basic system application for GOT2000 series GT21 model or GOT SIMPLE series GS21 model, which is shipped with GT Designer3 (2000) versions 1.255R or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "To apply version v01.40.000 or later to GOT2000 series GT21 model or GOT SIMPLE series GS21 model, use the following update procedure:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Download the fixed version of MELSOFT GT Designer3(2000) and install into the PC. Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3(2000).",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Select Write to GOT from Communication menu to write the required package data to the GOT.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the GT Designer3 (GOT2000) Screen Design Manual.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "After writing the required package data to the GOT, refer to the publication from Mitsubishi Electric to learn how to confirm if using the updated version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric has provided the following procedure to update the tension controller to: Version 1.01 or later:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Contact a Mitsubishi Electric representative for the fixed version of the screen package data.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "Install the engineering tool (\u201cData Transfer Tool\u201d or \u201cGT Designer 3 (GOT2000)\u201d) in your PC. Contact a Mitsubishi Electric representative for the latest engineering tool.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "Connect LE7-40GU-L and your PC with a USB cable.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Write the screen package data to LE7-40GU-L using the \u201cGOT write\u201d function of the engineering tool.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "After writing is completed, restart LE7-40GU-L.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Refer to the publication from Mitsubishi Electric to learn how to confirm if using the updated version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "Until the update can be applied, Mitsubishi Electric asks that users restrict access to the product only from trusted networks and hosts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the Mitsubishi Electric website for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "Additional information about the vulnerability or Mitsubishi Electric recommendations is available by contacting a Mitsubishi Electric representative.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        }
      ]
    }
  ]
}

ICSA-20-343-02

Vulnerability from csaf_cisa

Published

2020-12-08 00:00

Modified

2022-01-20 00:00

Summary

Mitsubishi Electric GOT and Tension Controller (Update B)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow malicious attackers to cause deterioration of communication performance or cause a denial-of-service condition of the TCP communication functions of the products requiring a re-boot of the device to recover.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-343-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-343-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-343-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-343-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric GOT and Tension Controller (Update B)",
    "tracking": {
      "current_release_date": "2022-01-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-343-02",
      "initial_release_date": "2020-12-08T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-12-08T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller"
        },
        {
          "date": "2021-05-11T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller (Update A)"
        },
        {
          "date": "2022-01-20T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2107-WTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2107-WTBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2110-WTBD-N: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2110-WTBD-N"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2103-PMBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2103-PMBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2107-WTSD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2107-WTSD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2107-WTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2107-WTBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2107-WTBD-N: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2107-WTBD-N"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2104-PMBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2104-PMBD"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GT2104-RTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "GT2104-RTBD"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "LE7-40GU-L Screen package data for CC-Link IEF Basic: v1.00",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "LE7-40GU-L Screen package data for CC-Link IEF Basic"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "LE7-40GU-L Screen package data for SLMP: v1.00",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "LE7-40GU-L Screen package data for SLMP"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "LE7-40GU-L Screen package data for MODBUS/TCP: v1.00",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "LE7-40GU-L Screen package data for MODBUS/TCP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 01.39.000",
                "product": {
                  "name": "GS2110-WTBD: versions v01.39.000 and earlier",
                  "product_id": "CSAFPID-00012"
                }
              }
            ],
            "category": "product_name",
            "name": "GS2110-WTBD"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5675",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is an out-of-bounds read vulnerability that may allow attackers to cause deterioration in communication performance or cause a denial-of-service condition of the TCP communication functions of the products by sending specially crafted packets.CVE-2020-5675 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5675"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric has fixed the basic system application for GOT2000 series GT21 model or GOT SIMPLE series GS21 model, which is shipped with GT Designer3 (2000) versions 1.255R or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "To apply version v01.40.000 or later to GOT2000 series GT21 model or GOT SIMPLE series GS21 model, use the following update procedure:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Download the fixed version of MELSOFT GT Designer3(2000) and install into the PC. Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3(2000).",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Select Write to GOT from Communication menu to write the required package data to the GOT.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the GT Designer3 (GOT2000) Screen Design Manual.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "After writing the required package data to the GOT, refer to the publication from Mitsubishi Electric to learn how to confirm if using the updated version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric has provided the following procedure to update the tension controller to: Version 1.01 or later:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Contact a Mitsubishi Electric representative for the fixed version of the screen package data.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "Install the engineering tool (\u201cData Transfer Tool\u201d or \u201cGT Designer 3 (GOT2000)\u201d) in your PC. Contact a Mitsubishi Electric representative for the latest engineering tool.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "Connect LE7-40GU-L and your PC with a USB cable.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Write the screen package data to LE7-40GU-L using the \u201cGOT write\u201d function of the engineering tool.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "After writing is completed, restart LE7-40GU-L.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Refer to the publication from Mitsubishi Electric to learn how to confirm if using the updated version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "Until the update can be applied, Mitsubishi Electric asks that users restrict access to the product only from trusted networks and hosts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the Mitsubishi Electric website for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "Additional information about the vulnerability or Mitsubishi Electric recommendations is available by contacting a Mitsubishi Electric representative.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        }
      ]
    }
  ]
}

gsd-2020-5675

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5675

Aliases

CVE-2020-5675

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5675",
    "description": "Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.",
    "id": "GSD-2020-5675"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5675"
      ],
      "details": "Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.",
      "id": "GSD-2020-5675",
      "modified": "2023-12-13T01:22:03.238522Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5675",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GT21 model of GOT2000 series, GS21 model of GOT SIMPLE series, and Tension Controller LE7-40GU-L series",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial-of-service (DoS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
          },
          {
            "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU99277775/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gt2104-rtbd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gt2104-rtbd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gt2104-pmbd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gt2104-pmbd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gt2103-pmbd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gt2103-pmbd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gs2110-wtbd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gs2110-wtbd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gs2107-wtbd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gs2107-wtbd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:le7-40gu-l_firmware:1.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:le7-40gu-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.39.000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5675"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU99277775/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-10T07:38Z",
      "publishedDate": "2020-12-04T08:15Z"
    }
  }
}

fkie_cve-2020-5675

Vulnerability from fkie_nvd

Published

2020-12-04 08:15

Modified

2024-11-21 05:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU99277775/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU99277775/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	gt2107-wtbd_firmware	*
mitsubishielectric	gt2107-wtbd	-
mitsubishielectric	gt2107-wtsd_firmware	*
mitsubishielectric	gt2107-wtsd	-
mitsubishielectric	gt2104-rtbd_firmware	*
mitsubishielectric	gt2104-rtbd	-
mitsubishielectric	gt2104-pmbd_firmware	*
mitsubishielectric	gt2104-pmbd	-
mitsubishielectric	gt2103-pmbd_firmware	*
mitsubishielectric	gt2103-pmbd	-
mitsubishielectric	gs2110-wtbd_firmware	*
mitsubishielectric	gs2110-wtbd	-
mitsubishielectric	gs2107-wtbd_firmware	*
mitsubishielectric	gs2107-wtbd	-
mitsubishielectric	le7-40gu-l_firmware	1.00
mitsubishielectric	le7-40gu-l	-
mitsubishielectric	gs2110-wtbd-n_firmware	*
mitsubishielectric	gs2110-wtbd-n	-
mitsubishielectric	gs2107-wtbd-n_firmware	*
mitsubishielectric	gs2107-wtbd-n	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D09873-69E0-4D95-AB19-76F3D6813E07",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8D058D-DDFB-45D4-BF67-52F47CA0634C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADEA875F-12E4-4420-8461-12DDB37FDF09",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A4460D-F108-4DAE-AB65-1083C140F63C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gt2104-rtbd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D439C63-58B8-415E-85D8-061DEB19520C",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gt2104-rtbd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF9900C-5F69-423B-AB1E-FF9493A4A3AB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gt2104-pmbd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "557E208B-4D4E-41DC-966F-58BCE75C2145",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gt2104-pmbd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321F8067-D532-43BD-A1F8-19FC7347441C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gt2103-pmbd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B584764-2D96-4941-9B51-5F852A7FF5CD",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gt2103-pmbd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEF4EFE-BBEE-497D-9514-610F38757A60",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gs2110-wtbd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C51225D-F2DF-4760-8417-D94EEBDC4977",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gs2110-wtbd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "884A19AD-23C5-4633-B7CE-711F0174A2D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gs2107-wtbd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD034BED-C6F4-484C-89D8-F11601E0851F",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gs2107-wtbd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19802816-8CB9-4E36-9B9E-2532543324A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:le7-40gu-l_firmware:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29BADCB-0629-4C2F-854A-A4B816145186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:le7-40gu-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41477864-1A55-4547-936A-29D6504F0D3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "767FEC93-0260-452E-8BF6-CF06091256B6",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA7AF60-7B6A-4ED7-AA1B-40C5097E4EE4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5464DBE-597B-4F83-B8FE-0232361F7CDA",
              "versionEndIncluding": "01.39.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EA140E-C23D-41FF-B4EF-686C2D42BD22",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de lectura fuera de l\u00edmites en el modelo GT21 de la serie GOT2000 (GT2107-WTBD V01.39.000 y anteriores, GT2107-WTSD V01.39.000 y anteriores, GT2104-RTBD V01.39.000 y anteriores, GT2104-PMBD V01. 39.000 y anteriores, y GT2103-PMBD V01.39.000 y anteriores), el modelo GS21 de la serie GOT (GS2110-WTBD V01.39.000 y anteriores, GS2107-WTBD V01.39.000 y anteriores, GS2110-WTBD-N V01.39. 000 y anteriores, y GS2107-WTBD-N V01.39.000 y anteriores), y el controlador de tensi\u00f3n de la serie LE7-40GU-L (LE7-40GU-L Datos del paquete de pantalla para CC-Link IEF Basic V1.00, LE7-40GU-L Datos del paquete de pantalla para MODBUS/TCP V1.00, y LE7-40GU-L Datos del paquete de pantalla para SLMP V1.00) permite que un atacante remoto provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de un paquete especialmente dise\u00f1ado. Como resultado, puede producirse un deterioro del rendimiento de la comunicaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio (DoS) de las funciones de comunicaci\u00f3n TCP de los productos"
    }
  ],
  "id": "CVE-2020-5675",
  "lastModified": "2024-11-21T05:34:27.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-04T08:15:11.207",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-96mc-r65q-rp99

Vulnerability from github

Published

2022-05-24 17:35

Modified

2022-05-24 17:35

Details

Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-04T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.",
  "id": "GHSA-96mc-r65q-rp99",
  "modified": "2022-05-24T17:35:25Z",
  "published": "2022-05-24T17:35:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5675"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU99277775/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-5675

Vulnerability from cvelistv5

icsa-20-343-02

Vulnerability from csaf_cisa

ICSA-20-343-02

Vulnerability from csaf_cisa

gsd-2020-5675

Vulnerability from gsd

fkie_cve-2020-5675

Vulnerability from fkie_nvd

ghsa-96mc-r65q-rp99

Vulnerability from github

Tags

Sightings

Nomenclature