Session Hijacking and Denial of Service Vulnerability in Mitsubishi Electric GOT2000 and GOT SIMPLE Series
CVE-2023-3373

5.9MEDIUM

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Got2000 Series Gt21 Model
Got Simple Series Gs21 Model
Vendor
CVE Published:
4 August 2023

What is CVE-2023-3373?

A vulnerability exists in Mitsubishi Electric's GOT2000 Series GT21 and GOT SIMPLE Series GS21 models, allowing remote unauthenticated attackers to hijack data connections or disrupt services. This is achieved through an exploitation of predictable port values, enabling attackers to guess the listening port of the FTP server. Successful exploitation can lead to unauthorized access or denial of service for legitimate users, affecting the integrity and availability of systems relying on these models.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GOT SIMPLE Series GS21 model 01.49.000 and prior

GOT2000 Series GT21 model 01.49.000 and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
https://jvn.jp/vu/JVNVU92167394/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.