CVE-2020-5675 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-5675?

CVE-2020-5675 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5675?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt2107-Wtbd Firmware, Mitsubishielectric Gt2107-Wtbd, Mitsubishielectric Gt2107-Wtsd Firmware, Mitsubishielectric Gt2107-Wtsd, Mitsubishielectric Gt2104-Rtbd Firmware.

Vulnerability Description

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Gt2107-Wtbd Firmware	<= 01.39.000
Mitsubishielectric	Gt2107-Wtbd	-
Mitsubishielectric	Gt2107-Wtsd Firmware	<= 01.39.000
Mitsubishielectric	Gt2107-Wtsd	-
Mitsubishielectric	Gt2104-Rtbd Firmware	<= 01.39.000
Mitsubishielectric	Gt2104-Rtbd	-
Mitsubishielectric	Gt2104-Pmbd Firmware	<= 01.39.000
Mitsubishielectric	Gt2104-Pmbd	-
Mitsubishielectric	Gt2103-Pmbd Firmware	<= 01.39.000
Mitsubishielectric	Gt2103-Pmbd	-
Mitsubishielectric	Gs2110-Wtbd Firmware	<= 01.39.000
Mitsubishielectric	Gs2110-Wtbd	-
Mitsubishielectric	Gs2107-Wtbd Firmware	<= 01.39.000
Mitsubishielectric	Gs2107-Wtbd	-
Mitsubishielectric	Le7-40Gu-L Firmware	1.00
Mitsubishielectric	Le7-40Gu-L	-
Mitsubishielectric	Gs2110-Wtbd-N Firmware	<= 01.39.000
Mitsubishielectric	Gs2110-Wtbd-N	-
Mitsubishielectric	Gs2107-Wtbd-N Firmware	<= 01.39.000
Mitsubishielectric	Gs2107-Wtbd-N	-

Related Weaknesses (CWE)

CWE-125

References

https://jvn.jp/vu/JVNVU99277775/index.htmlThird Party Advisory
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdfVendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdfVendor Advisory
https://jvn.jp/vu/JVNVU99277775/index.htmlThird Party Advisory
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdfVendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdfVendor Advisory

FAQ

What is CVE-2020-5675?

CVE-2020-5675 is a vulnerability with a CVSS score of 7.5 (HIGH). Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and...

How severe is CVE-2020-5675?

CVE-2020-5675 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5675?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt2107-Wtbd Firmware, Mitsubishielectric Gt2107-Wtbd, Mitsubishielectric Gt2107-Wtsd Firmware, Mitsubishielectric Gt2107-Wtsd, Mitsubishielectric Gt2104-Rtbd Firmware.