Session Fixation Vulnerability in Mitsubishi Electric GT14 Model of GOT 1000 Series
CVE-2020-5645

7.5 HIGH

Key Information:

Vendor
CVE Published: 6 November 2020

Summary

The session fixation vulnerability in the TCP/IP functionality of Mitsubishi Electric's GT14 Model of the GOT 1000 series allows remote unauthenticated attackers to disrupt network functions. By sending specially crafted packets, an attacker can exploit this flaw to halt crucial operational features of affected devices. This presents significant security risks as it can lead to loss of control and availability of connected systems, thereby impacting industrial operations relying on these devices.

Affected Version(s)

GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version '05.65.00.BD' and earlier, GT1450-QMBDE CoreOS version '05.65.00.BD' and earlier, GT1450-QLBDE CoreOS version '05.65.00.BD' and earlier, GT1455HS-QTBDE CoreOS version '05.65.00.BD' and earlier, and GT1450HS-QMBDE CoreOS version '05.65.00.BD' and earlier)

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
