Denial of service in Mitsubishi Electric GOT2000 series and GT SoftGOT2000

Published: 2021-07-28
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-20592
Exploitation vector Network
Public exploit N/A
Vulnerable software
GOT2000 GT27 model
Server applications / SCADA systems

GOT2000 GT25 model
Server applications / SCADA systems

GOT2000 GT23 model
Server applications / SCADA systems

GT SoftGOT2000
Server applications / SCADA systems

Vendor Mitsubishi Electric

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Missing Synchronization

EUVDB-ID: #VU55382

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20592

CWE-ID: CWE-820 - Missing Synchronization

Exploit availability: No


The vulnerability allows a remote attacker to perform a denial of servise (DoS) attack.

The vulnerability exists due to the affected software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. A remote attacker can cause a denial of service condition on the target system.


Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: 01.19.000 - 01.39.010

GOT2000 GT25 model: 01.19.000 - 01.39.010

GOT2000 GT23 model: 01.19.000 - 01.39.010

GT SoftGOT2000: 1.170C - 1.256S

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.