CVE Vulnerability

CVE-2021-20607

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU93817405/index.html Patch Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05 Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*
Information

Published : 2021-12-17 05:15

Updated : 2023-02-02 07:58

NVD link : CVE-2021-20607

Mitre link : CVE-2021-20607

Products Affected
No products.
CWE
CWE-191

Integer Underflow (Wrap or Wraparound)