CVE-2021-20592 — HIGH (7.5)

Q: How severe is CVE-2021-20592?

CVE-2021-20592 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20592?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt Softgot2000, Mitsubishielectric Got2000 Gt27 Firmware, Mitsubishielectric Got2000 Gt27, Mitsubishielectric Got2000 Gt25 Firmware, Mitsubishielectric Got2000 Gt25.

Vulnerability Description

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Gt Softgot2000	>= 1.170c, <= 1.256s
Mitsubishielectric	Got2000 Gt27 Firmware	>= 01.19.000, <= 01.39.010
Mitsubishielectric	Got2000 Gt27	-
Mitsubishielectric	Got2000 Gt25 Firmware	>= 01.19.000, <= 01.39.010
Mitsubishielectric	Got2000 Gt25	-
Mitsubishielectric	Got2000 Gt23 Firmware	>= 01.19.000, <= 01.39.010
Mitsubishielectric	Got2000 Gt23	-

Related Weaknesses (CWE)

CWE-662

References

FAQ

What is CVE-2021-20592?

CVE-2021-20592 is a vulnerability with a CVSS score of 7.5 (HIGH). Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and G...

How severe is CVE-2021-20592?

CVE-2021-20592 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20592?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt Softgot2000, Mitsubishielectric Got2000 Gt27 Firmware, Mitsubishielectric Got2000 Gt27, Mitsubishielectric Got2000 Gt25 Firmware, Mitsubishielectric Got2000 Gt25.