Skip to main content

Ezsocket CVE-2021-20606

MEDIUM
Out-of-bounds Read (CWE-125)
2021-12-17 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 17, 2021 - 17:15 nvd
MEDIUM 5.5

DescriptionNVD

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.

AnalysisAI

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. Affected products include: Mitsubishielectric Ezsocket, Mitsubishielectric Gx Works2, Mitsubishielectric Melsoft Navigator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2021-20588 CRITICAL
9.8 Feb 19

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Mo

CVE-2021-20587 CRITICAL
9.8 Feb 19

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuratio

CVE-2024-26314 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and

CVE-2024-25088 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute

CVE-2024-25086 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute

CVE-2024-22106 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute ar

CVE-2024-25087 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue sc

CVE-2024-22105 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue sc

CVE-2024-22104 MEDIUM
5.5 Jul 02

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen

CVE-2024-22103 MEDIUM
5.5 Jul 02

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen

CVE-2024-22102 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue sc

CVE-2021-20607 MEDIUM
5.5 Dec 17

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT

Share

CVE-2021-20606 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy