Session Hijacking and Denial of Service Vulnerability in Mitsubishi Electric GOT2000 and GOT SIMPLE Series
CVE-2023-3373
5.9 MEDIUM
Key Information:
- Vendor
- CVE Published: 4 August 2023
Summary
A vulnerability in Mitsubishi Electric's GOT2000 Series GT21 and GOT SIMPLE Series GS21 models allows a remote, unauthenticated attacker to hijack data connections or disrupt service. The cause is the use of predictable port values, which lets an attacker guess the listening port of the FTP server. Successful exploitation can lead to unauthorized access or denial of service for legitimate users, affecting the integrity and availability of systems relying on these models.
Affected Version(s)
GOT SIMPLE Series GS21 model 01.49.000 and prior
GOT2000 Series GT21 model 01.49.000 and prior
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved