CVE-2021-20590

🗓️ 22 Apr 2021 18:54:28Reported by MitsubishiType

CVE-2021-20590: Improper authentication vulnerability in GOT2000 series VNC servers

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of Mitsubishi Electric’s graphic control panel software for the GOT2000 and GOT SIMPLE series lies in authentication errors, allowing attackers to gain unauthorized access to protected information.	5 May 202100:00	–	bdu_fstec
CNNVD	Mitsubishi Electric GOT2000 授权问题漏洞	22 Apr 202100:00	–	cnnvd
Cvelist	CVE-2021-20590	22 Apr 202118:54	–	cvelist
EUVD	EUVD-2021-8008	3 Oct 202520:07	–	euvd
ICS	Mitsubishi Electric GOT (Update A)	22 Apr 202100:00	–	ics
NVD	CVE-2021-20590	22 Apr 202119:15	–	nvd
Prion	Authentication flaw	22 Apr 202119:15	–	prion
RedhatCVE	CVE-2021-20590	22 May 202520:59	–	redhatcve
Tenable Nessus	Mitsubishi Electric GOT Improper Authentication (CVE-2021-20590) (deprecated)	7 Feb 202200:00	–	nessus

NVD

Node

mitsubishielectric got2000_gt27_firmwareRange≤01.39.010

AND

mitsubishielectric got2000_gt27Match-

Node

mitsubishielectric got2000_gt25_firmwareRange≤01.39.010

AND

mitsubishielectric got2000_gt25Match-

Node

mitsubishielectric gt2107-wtbd_firmwareRange≤01.40.000

AND

mitsubishielectric gt2107-wtbdMatch-

Node

mitsubishielectric gt2107-wtsd_firmwareRange≤01.40.000

AND

mitsubishielectric gt2107-wtsdMatch-

Node

mitsubishielectric gs2110-wtbd-n_firmwareRange≤01.40.000

AND

mitsubishielectric gs2110-wtbd-nMatch-

Node

mitsubishielectric gs2107-wtbd-n_firmwareRange≤01.40.000

AND

mitsubishielectric gs2107-wtbd-nMatch-

[
  {
    "product": "GOT2000 series GT27 model",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.39.010 and prior"
      }
    ]
  },
  {
    "product": "GOT2000 series GT25 model",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.39.010 and prior"
      }
    ]
  },
  {
    "product": "GOT2000 series GT21 model GT2107-WTBD",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  },
  {
    "product": "GOT2000 series GT21 model GT2107-WTSD",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  },
  {
    "product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  },
  {
    "product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  }
]

Source	Link
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf
jvn	www.jvn.jp/vu/JVNVU97615777/index.html

21 Nov 2024 05:46Current

7.8High risk

Vulners AI Score7.8

CVSS 24.3

CVSS 3.17.5

EPSS0.00258

CWE-287