CVE-2021-20601 — HIGH (7.5)

Vulnerability Description

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Gt Softgot2000	-
Mitsubishielectric	Got Simple Gs2110-Wtbd Firmware	-
Mitsubishielectric	Got Simple Gs2110-Wtbd	-
Mitsubishielectric	Got Simple Gs2107-Wtbd Firmware	-
Mitsubishielectric	Got Simple Gs2107-Wtbd	-
Mitsubishielectric	Got2000 Gt2104-Rtbd Firmware	-
Mitsubishielectric	Got2000 Gt2104-Rtbd	-
Mitsubishielectric	Got2000 Gt2103-Pmbd Firmware	-
Mitsubishielectric	Got2000 Gt2103-Pmbd	-
Mitsubishielectric	Got2000 Gt2103-Pmbds Firmware	-
Mitsubishielectric	Got2000 Gt2103-Pmbds	-
Mitsubishielectric	Got2000 Gt2103-Pmbds2 Firmware	-
Mitsubishielectric	Got2000 Gt2103-Pmbds2	-
Mitsubishielectric	Got2000 Gt2103-Pmbls Firmware	-
Mitsubishielectric	Got2000 Gt2103-Pmbls	-
Mitsubishielectric	Got2000 Gt2107-Wtbd Firmware	-
Mitsubishielectric	Got2000 Gt2107-Wtbd	-
Mitsubishielectric	Got2000 Gt2310-Vtba Firmware	-
Mitsubishielectric	Got2000 Gt2310-Vtba	-
Mitsubishielectric	Got2000 Gt2310-Vtbd Firmware	-

Related Weaknesses (CWE)

CWE-20

References

https://jvn.jp/vu/JVNVU98072504Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdfVendor Advisory
https://jvn.jp/vu/JVNVU98072504Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdfVendor Advisory

FAQ

What is CVE-2021-20601?

CVE-2021-20601 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all version...

How severe is CVE-2021-20601?

CVE-2021-20601 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20601?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt Softgot2000, Mitsubishielectric Got Simple Gs2110-Wtbd Firmware, Mitsubishielectric Got Simple Gs2110-Wtbd, Mitsubishielectric Got Simple Gs2107-Wtbd Firmware, Mitsubishielectric Got Simple Gs2107-Wtbd.