Description

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

Related CPE's

o

mitsubishielectric

got2000_gt27_firmware

Vulnerable

h

mitsubishielectric

got2000_gt27

-

o

mitsubishielectric

got2000_gt25_firmware

Vulnerable

h

mitsubishielectric

got2000_gt25

-

o

mitsubishielectric

got2000_gt23_firmware

Vulnerable

h

mitsubishielectric

got2000_gt23

-

References

https://jvn.jp/vu/JVNVU95633416

Third Party Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf

MitigationVendor Advisory

Weaknesses

[email protected]

Primary
CWE-20

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-11-24T09:15:09.587

2 years ago

Last modified

2022-11-30T20:02:17.750

2 years ago