Vulnerability Details : CVE-2021-20589
Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.
Vulnerability category: Overflow
Products affected by CVE-2021-20589
- Mitsubishi » Gt27 FirmwareVersions from including (>=) 01.19.000 and up to, including, (<=) 01.38.000cpe:2.3:o:mitsubishi:gt27_firmware:*:*:*:*:*:*:*:*
- Mitsubishi » Gt25 FirmwareVersions from including (>=) 01.19.000 and up to, including, (<=) 01.38.000cpe:2.3:o:mitsubishi:gt25_firmware:*:*:*:*:*:*:*:*
- Mitsubishi » Gt23 FirmwareVersions from including (>=) 01.19.000 and up to, including, (<=) 01.38.000cpe:2.3:o:mitsubishi:gt23_firmware:*:*:*:*:*:*:*:*
- Mitsubishi » Gt21 FirmwareVersions from including (>=) 01.21.000 and up to, including, (<=) 01.39.000cpe:2.3:o:mitsubishi:gt21_firmware:*:*:*:*:*:*:*:*
- Mitsubishi » Gs21 FirmwareVersions from including (>=) 01.21.000 and up to, including, (<=) 01.39.000cpe:2.3:o:mitsubishi:gs21_firmware:*:*:*:*:*:*:*:*
- Mitsubishi » Gt Softgot2000 FirmwareVersions from including (>=) 1.170c and up to, including, (<=) 1.250lcpe:2.3:o:mitsubishi:gt_softgot2000_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20589
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20589
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-20589
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20589
-
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-002_en.pdf
Vendor Advisory
-
https://jvn.jp/vu/JVNVU99895108/index.html
JVNVU#99895108: 三菱電機製 GOT およびテンションコントローラの MODBUS/TCP スレーブ通信機能におけるサービス運用妨害 (DoS) の脆弱性Third Party Advisory
Jump to