Denial of service in Mitsubishi Electric GOT2000 series and GT SoftGOT2000



Published: 2021-07-28
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-20592
CWE-ID CWE-820
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
GOT2000 GT27 model
Server applications / SCADA systems

GOT2000 GT25 model
Server applications / SCADA systems

GOT2000 GT23 model
Server applications / SCADA systems

GT SoftGOT2000
Server applications / SCADA systems

Vendor Mitsubishi Electric

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Missing Synchronization

EUVDB-ID: #VU55382

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20592

CWE-ID: CWE-820 - Missing Synchronization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of servise (DoS) attack.

The vulnerability exists due to the affected software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GOT2000 GT27 model: 01.19.000 - 01.39.010

GOT2000 GT25 model: 01.19.000 - 01.39.010

GOT2000 GT23 model: 01.19.000 - 01.39.010

GT SoftGOT2000: 1.170C - 1.256S


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###