Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-20589
HistoryMay 19, 2021 - 11:15 a.m.

CVE-2021-20589

2021-05-1911:15:07
CWE-119
[email protected]
web.nvd.nist.gov
25
11
cve
2021
20589
buffer access
incorrect length value
vulnerability
got2000 series
communication driver
remote attacker
modbus/tcp
unauthenticated
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

64.8%

JSON

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.

Affected configurations

NVD
Node
mitsubishigt27_firmwareRange01.19.00001.38.000
AND
mitsubishigt27Match-
Node
mitsubishigt25_firmwareRange01.19.00001.38.000
AND
mitsubishigt25Match-
Node
mitsubishigt23_firmwareRange01.19.00001.38.000
AND
mitsubishigt23Match-
Node
mitsubishigt21_firmwareRange01.21.00001.39.000
AND
mitsubishigt21Match-
Node
mitsubishigs21_firmwareRange01.21.00001.39.000
AND
mitsubishigs21Match-
Node
mitsubishigt_softgot2000_firmwareRange1.170c1.250l
AND
mitsubishigt_softgot2000Match-

CNA Affected

[
  {
    "product": "GOT2000 series; GOT SIMPLE series; GT SoftGOT2000; Tension Controller",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000, GT21 model communication driver versions 01.21.000 through 01.39.000"
      },
      {
        "status": "affected",
        "version": "GS21 model communication driver versions 01.21.000 through 01.39.000"
      },
      {
        "status": "affected",
        "version": "GT SoftGOT2000 versions 1.170C through 1.250L"
      },
      {
        "status": "affected",
        "version": "LE7-40GU-L Screen package data for MODBUS/TCP V1.00"
      }
    ]
  }
]

Social References

More

Related

nessus 1
prion 1
cvelist 1
nvd 1
ics 1
nessus
nessus
Mitsubishi Electric GOT and Tension Controller (CVE-2021-20589)
2023-11-07 00:00:00
prion
prion
Buffer overflow
2021-05-19 11:15:00
cvelist
cvelist
CVE-2021-20589
2021-05-19 10:28:23
nvd
nvd
CVE-2021-20589
2021-05-19 11:15:07
ics
ics
Mitsubishi Electric GOT and Tension Controller (Update A)
2022-01-21 12:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

64.8%

JSON
Related for CVE-2021-20589
nessus1prion1cvelist1nvd1ics1