Main Vulnerability Database Vulnerabilities #VU58240

#VU58240 Input validation error in Mitsubishi Electric products - CVE-2021-20601

Published: November 18, 2021

Vulnerability identifier: #VU58240

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-20601

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GOT2000 GT27 model
GOT2000 GT25 model
GOT2000 GT23 model
GOT2000 GT21 model
GOT SIMPLE GS21 model
GT SoftGOT2000

Software vendor:
Mitsubishi Electric

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to an information tampering issue. A remote attacker can send a specially crafted packet to rewrite the device value and adversely affect the system’s operation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-21-320-02

#VU58240 Input validation error in Mitsubishi Electric products - CVE-2021-20601

Description

Remediation

External links

Please verify you're human