Skip to main content

Gt Softgot2000 CVE-2021-20592

HIGH
Improper Synchronization (CWE-662)
2021-08-05 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 05, 2021 - 21:15 nvd
HIGH 7.5

DescriptionNVD

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.

AnalysisAI

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-662. Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover. Affected products include: Mitsubishielectric Gt Softgot2000, Mitsubishielectric Got2000 Gt27 Firmware, Mitsubishielectric Got2000 Gt25 Firmware, Mitsubishielectric Got2000 Gt23 Firmware. Version information: through 01.39.010.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-20588 CRITICAL
9.8 Feb 19

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Mo

CVE-2021-20587 CRITICAL
9.8 Feb 19

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuratio

CVE-2024-26314 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and

CVE-2024-25088 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute

CVE-2024-25086 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute

CVE-2024-22106 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute ar

CVE-2023-0525 HIGH
7.5 Aug 04

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000

CVE-2021-20601 HIGH
7.5 Nov 23

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all version

CVE-2024-25087 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue sc

CVE-2024-22105 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue sc

CVE-2024-22104 MEDIUM
5.5 Jul 02

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen

CVE-2024-22103 MEDIUM
5.5 Jul 02

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen

Share

CVE-2021-20592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy