Vulnerability Description
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Got2000 Gt27 Firmware | <= 01.39.000 |
| Mitsubishielectric | Got2000 Gt27 | - |
| Mitsubishielectric | Got2000 Gt25 Firmware | <= 01.39.000 |
| Mitsubishielectric | Got2000 Gt25 | - |
| Mitsubishielectric | Got2000 Gt23 Firmware | <= 01.39.000 |
| Mitsubishielectric | Got2000 Gt23 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU95633416Third Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdfMitigationVendor Advisory
- https://jvn.jp/vu/JVNVU95633416Third Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdfMitigationVendor Advisory
FAQ
What is CVE-2022-40266?
CVE-2022-40266 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.3...
How severe is CVE-2022-40266?
CVE-2022-40266 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40266?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Got2000 Gt27 Firmware, Mitsubishielectric Got2000 Gt27, Mitsubishielectric Got2000 Gt25 Firmware, Mitsubishielectric Got2000 Gt25, Mitsubishielectric Got2000 Gt23 Firmware.