Vulnerability Description
The TCP/IP function included in the firmware of the Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi Electric | CoreOS | <= y |
| Mitsubishi Electric | GOT2000 GT23 | - |
| Mitsubishi Electric | GOT2000 GT25 | - |
| Mitsubishi Electric | GOT2000 GT27 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU95413676/index.html (Third Party Advisory)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf (Vendor Advisory)
FAQ
What is CVE-2020-5596?
CVE-2020-5596 is a vulnerability with a CVSS score of 7.5 (HIGH). The TCP/IP function included in the firmware of the Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage session...
How severe is CVE-2020-5596?
CVE-2020-5596 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-5596?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Electric CoreOS, Mitsubishi Electric GOT2000 GT23, Mitsubishi Electric GOT2000 GT25, Mitsubishi Electric GOT2000 GT27.