Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
{"nessus": [{"lastseen": "2022-02-10T00:00:00", "description": "Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version 05.65.00.BD and earlier, GT1450-QMBDE CoreOS version 05.65.00.BD and earlier, GT1450-QLBDE CoreOS version 05.65.00.BD and earlier, GT1455HS-QTBDE CoreOS version 05.65.00.BD and earlier, and GT1450HS-QMBDE CoreOS version 05.65.00.BD and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. \n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Mitsubishi (CVE-2020-5648)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-5648"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:mitsubishielectric:coreos"], "id": "TENABLE_OT_MITSUBISHI_CVE-2020-5648.NASL", "href": "https://www.tenable.com/plugins/ot/500511", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500511);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2020-5648\");\n\n script_name(english:\"Mitsubishi (CVE-2020-5648)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function\nincluded in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version 05.65.00.BD and earlier,\nGT1450-QMBDE CoreOS version 05.65.00.BD and earlier, GT1450-QLBDE CoreOS version 05.65.00.BD and earlier, GT1455HS-QTBDE\nCoreOS version 05.65.00.BD and earlier, and GT1450HS-QMBDE CoreOS version 05.65.00.BD and earlier) allows\nunauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted\npacket. \n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more\ninformation.\");\n # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49c64636\");\n # https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c77c741f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jvn.jp/vu/JVNVU99562395/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5648\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(88);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:coreos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Mitsubishi\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Mitsubishi');\n\nvar asset = tenable_ot::assets::get(vendor:'Mitsubishi');\n\nvar vuln_cpes = {\n \"cpe:/o:mitsubishielectric:coreos\" :\n {\"versionEndIncluding\" : \"05.65.00.bd\"}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2022-04-26T21:50:25", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Mitsubishi Electric\n * **Equipment: **GT14 model of GOT1000 Series \n * **Vulnerabilities:** Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities by an attacker may result in a denial-of-service condition or code execution.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following models of GOT1000 with CoreOS Version 05.65.00.BD and prior, a graphic operation terminal, are affected:\n\n * GT1455-QTBDE\n * GT1450-QMBDE\n * GT1450-QLBDE\n * GT1455HS-QTBDE\n * GT1450HS-QMBDE\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nThe affected product has a memory corruption vulnerability, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.\n\n[CVE-2020-5644](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5644>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.2 [SESSION FIXATION CWE-384](<https://cwe.mitre.org/data/definitions/384.html>)\n\nThe affected product has a session fixation vulnerability, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition.\n\n[CVE-2020-5645](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5645>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.3 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nThe affected product has a NULL pointer dereference vulnerability, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition.\n\n[CVE-2020-5646](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5646>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.4 [IMPROPER ACCESS CONTROL CWE-284](<https://cwe.mitre.org/data/definitions/284.html>)\n\nThe affected product has an access control issue, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.\n\n[CVE-2020-5647](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5647>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.5 [IMPROPER NEUTRALIZATION OF ARGUMENT DELIMITERS IN A COMMAND ('ARGUMENT INJECTION') CWE-88](<https://cwe.mitre.org/data/definitions/88.html>)\n\nThe affected product is vulnerable to an argument injection, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.\n\n[CVE-2020-5648](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5648>) has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.6 [RESOURCE MANAGEMENT ERRORS CWE-399](<https://cwe.mitre.org/data/definitions/399.html>)\n\nThe affected product has a resource management issue, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition.\n\n[CVE-2020-5649](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5649>) has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Japan\n\n### 3.4 RESEARCHER\n\nMitsubishi Electric reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nMitsubishi Electric recommends users update their products by downloading and applying the latest versions. For more information about steps to take to update to the newest version, please see the [vulnerability information on the Mitsubishi website](<https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf>). To further reduce risk, restrict access to the product only from trusted networks and hosts. Contact a Mitsubishi Electric representative for additional details.\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "ics", "title": "Mitsubishi Electric GT14 Model of GOT1000 Series", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5644", "CVE-2020-5645", "CVE-2020-5646", "CVE-2020-5647", "CVE-2020-5648", "CVE-2020-5649"], "modified": "2020-11-05T00:00:00", "id": "ICSA-20-310-02", "href": "https://www.us-cert.gov/ics/advisories/icsa-20-310-02", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2020-5648
