CVE-2021-20589 — HIGH (7.5)

Q: How severe is CVE-2021-20589?

CVE-2021-20589 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20589?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Gt27 Firmware, Mitsubishi Gt27, Mitsubishi Gt25 Firmware, Mitsubishi Gt25, Mitsubishi Gt23 Firmware.

Vulnerability Description

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishi	Gt27 Firmware	>= 01.19.000, <= 01.38.000
Mitsubishi	Gt27	-
Mitsubishi	Gt25 Firmware	>= 01.19.000, <= 01.38.000
Mitsubishi	Gt25	-
Mitsubishi	Gt23 Firmware	>= 01.19.000, <= 01.38.000
Mitsubishi	Gt23	-
Mitsubishi	Gt21 Firmware	>= 01.21.000, <= 01.39.000
Mitsubishi	Gt21	-
Mitsubishi	Gs21 Firmware	>= 01.21.000, <= 01.39.000
Mitsubishi	Gs21	-
Mitsubishi	Gt Softgot2000 Firmware	>= 1.170c, <= 1.250l
Mitsubishi	Gt Softgot2000	-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2021-20589?

CVE-2021-20589 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 throu...

How severe is CVE-2021-20589?

CVE-2021-20589 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20589?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Gt27 Firmware, Mitsubishi Gt27, Mitsubishi Gt25 Firmware, Mitsubishi Gt25, Mitsubishi Gt23 Firmware.