Improper Access Control Vulnerability Affecting Mitsubishi GOT 1000 Series
CVE-2020-5647

9.8CRITICAL

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Gt14 Model Of Got 1000 Series
Vendor
CVE Published:
6 November 2020

What is CVE-2020-5647?

An improper access control vulnerability has been identified in the TCP/IP function of the firmware of the Mitsubishi GOT 1000 series. This flaw allows a remote, unauthenticated attacker to disrupt network functions or execute malicious programs by sending specially crafted packets to vulnerable devices. The affected models include GT1455-QTBDE, GT1450-QMBDE, GT1450-QLBDE, GT1455HS-QTBDE, and GT1450HS-QMBDE, with specific CoreOS versions subject to this risk. Organizations utilizing these models should ensure they apply the necessary patches to mitigate potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier)

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02
x_refsource_MISC
https://www.mitsubishielectric.com/en/psirt/vulnerability...
x_refsource_MISC
https://www.mitsubishielectric.co.jp/psirt/vulnerability/...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.