CVE-2021-20601

high-risk
Published 2021-11-23

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.

Do I need to act?

-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Got Simple Gs2110-Wtbd Firmware
Got Simple Gs2107-Wtbd Firmware
Got2000 Gt2104-Rtbd Firmware
Got2000 Gt2103-Pmbd Firmware
Got2000 Gt2103-Pmbds Firmware
Got2000 Gt2103-Pmbds2 Firmware
Got2000 Gt2103-Pmbls Firmware
Got2000 Gt2107-Wtbd Firmware
Got2000 Gt2310-Vtba Firmware
Got2000 Gt2310-Vtbd Firmware
Got2000 Gt2308-Vtbd Firmware
Got2000 Gt2308-Vtba Firmware
Got2000 Gt2507T-Wtsd Firmware
Got2000 Gt2507-Wtsd Firmware
Got2000 Gt2507-Wtbd Firmware
Got2000 Gt2512-Wxtsd Firmware
Got2000 Gt2510-Wxtbd Firmware
Got2000 Gt2510-Wxtsd Firmware
Got2000 Gt2512-Wxtbd Firmware

Affected Vendors

Mitsubishielectric

References (6)

Third Party Advisory https://jvn.jp/vu/JVNVU98072504
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02
Vendor Advisory https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdf
Third Party Advisory https://jvn.jp/vu/JVNVU98072504
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02
Vendor Advisory https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdf
53
/ 100
high-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 26/34 · High