Vulnerability Description
An Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2. The attacker sends maliciously crafted packets to a Mitsubishi Electric PLC to tamper with a program file, and the DoS occurs when GX Works2 reads the tampered program file from the PLC.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi Electric | GX Works2 | <= 1.606G |
References
- https://jvn.jp/vu/JVNVU93019896/index.html (Third Party Advisory)
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04 (Third Party Advisory, US Government Resource)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf (Vendor Advisory)
FAQ
What is CVE-2021-20608?
CVE-2021-20608 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Wor...
How severe is CVE-2021-20608?
CVE-2021-20608 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-20608?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Electric GX Works2.