CVE-2020-5675

moderate-risk
Published 2020-12-04

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (10)

Gt2107-Wtbd Firmware
Gt2107-Wtsd Firmware
Gt2104-Rtbd Firmware
Gt2104-Pmbd Firmware
Gt2103-Pmbd Firmware
Gs2110-Wtbd Firmware
Gs2107-Wtbd Firmware
Le7-40Gu-L Firmware
Gs2110-Wtbd-N Firmware
Gs2107-Wtbd-N Firmware

Affected Vendors

Mitsubishielectric

References (6)

Third Party Advisory https://jvn.jp/vu/JVNVU99277775/index.html
Vendor Advisory https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf
Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf
Third Party Advisory https://jvn.jp/vu/JVNVU99277775/index.html
Vendor Advisory https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf
Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate