CVE Vulnerability

CVE-2021-20601

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU98072504 Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02 Third Party Advisory US Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdf Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:mitsubishielectric:gt_softgot2000:-:*:*:*:*:*:*:*
Information

Published : 2021-11-23 03:15

Updated : 2021-11-29 04:20

NVD link : CVE-2021-20601

Mitre link : CVE-2021-20601

Products Affected
No products.
CWE
CWE-20