CVE-2023-49140

moderate-risk

Published 2023-12-12

Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

Do I need to act?

0.57% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (10)

Gc-A22W-Cw Firmware

Gc-A24W-C\(W\) Firmware

Gc-A26W-C\(W\) Firmware

Gc-A24 Firmware

Gc-A24-M Firmware

Gc-A25 Firmware

Gc-A26 Firmware

Gc-A26-J2 Firmware

Gc-A27-C Firmware

Gc-A28-C Firmware

Affected Vendors

Jtekt

References (4)

Third Party Advisory https://jvn.jp/en/jp/JVN34145838/

Vendor Advisory https://www.electronics.jtekt.co.jp/en/topics/202312116562/

Third Party Advisory https://jvn.jp/en/jp/JVN34145838/

Vendor Advisory https://www.electronics.jtekt.co.jp/en/topics/202312116562/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate