Multiple vulnerabilities in Mitsubishi Electric GOT2000 Series



Published: 2020-07-08 | Updated: 2020-07-08
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-5595
CVE-2020-5596
CVE-2020-5597
CVE-2020-5598
CVE-2020-5599
CVE-2020-5600
CWE-ID CWE-119
CWE-384
CWE-476
CWE-284
CWE-88
CWE-399
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
GOT2000 GT27 model
Server applications / SCADA systems

GOT2000 GT25 model
Server applications / SCADA systems

GOT2000 GT23 model
Server applications / SCADA systems

Vendor Mitsubishi Electric

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU29592

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5595

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the TCP/IP function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: All versions

GOT2000 GT25 model: All versions

GOT2000 GT23 model: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU95413676/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Session Fixation

EUVDB-ID: #VU29593

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5596

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the session invalidation issue in the TCP/IP function. A remote attacker can use a specially crafted packet and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: All versions

GOT2000 GT25 model: All versions

GOT2000 GT23 model: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU95413676/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) NULL pointer dereference

EUVDB-ID: #VU29594

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5597

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the TCP/IP function. A remote attacker can trigger denial of service conditions via a specially crafted packet.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: All versions

GOT2000 GT25 model: All versions

GOT2000 GT23 model: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU95413676/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Improper access control

EUVDB-ID: #VU29595

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5598

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the TCP/IP function. A remote attacker can use a specially crafted packet, bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: All versions

GOT2000 GT25 model: All versions

GOT2000 GT23 model: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU95413676/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Improper Neutralization of Argument Delimiters in a Command

EUVDB-ID: #VU29596

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5599

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exixts due to improper neutralization of argument delimiters in a command within the TCP/IP function. A remote attacker on the local network can use a specially crafted packet and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: All versions

GOT2000 GT25 model: All versions

GOT2000 GT23 model: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU95413676/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Resource management error

EUVDB-ID: #VU29597

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5600

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system

The vulnerability exists due to improper management of internal resources with the application in the TCP/IP function. A remote attacker can pass specially crafted data to the application and obtain sensitive information on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: All versions

GOT2000 GT25 model: All versions

GOT2000 GT23 model: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU95413676/index.html
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###