Argument Injection Vulnerability in Mitsubishi Electric GOT2000 Series
CVE-2020-5599

9.8CRITICAL

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Got2000 Series Gt27, Gt25, And Gt23
Vendor: CVE Published:; 7 July 2020

Summary

The Mitsubishi Electric GOT2000 series firmware has a vulnerability in its TCP/IP function due to improper handling of argument delimiters. This vulnerability could be exploited by remote attackers, potentially allowing them to disrupt the network functions of affected devices or execute arbitrary code through specially crafted packets. This risk emphasizes the need for organizations to regularly update their systems and monitor for suspicious network activities.

Affected Version(s)

GOT2000 series GT27, GT25, and GT23 CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

x_refsource_MISC

https://jvn.jp/en/vu/JVNVU95413676/index.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2020
Vulnerability Reserved
Jan 6, 2020