Vulnerability Description
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Gt21 Firmware | < 01.50.000 |
| Mitsubishielectric | Gt21 | - |
| Mitsubishielectric | Gs21 Firmware | < 01.50.000 |
| Mitsubishielectric | Gs21 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU92167394/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdfVendor Advisory
- https://jvn.jp/vu/JVNVU92167394/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdfVendor Advisory
FAQ
What is CVE-2023-3373?
CVE-2023-3373 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000...
How severe is CVE-2023-3373?
CVE-2023-3373 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3373?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt21 Firmware, Mitsubishielectric Gt21, Mitsubishielectric Gs21 Firmware, Mitsubishielectric Gs21.