Lucene search

MitsubishiCVE-2021-20590

HistoryApr 22, 2021 - 7:15 p.m.

CVE-2021-20590

2021-04-2219:15:07

CWE-287

Mitsubishi

web.nvd.nist.gov

cve

2021

20590

improper authentication

got2000 series

vnc server

unauthorized access

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the “VNC server” function is used.

Affected configurations

Nvd

Node

mitsubishielectricgot2000_gt27_firmwareRange≤01.39.010

AND

mitsubishielectricgot2000_gt27Match-

Node

mitsubishielectricgot2000_gt25_firmwareRange≤01.39.010

AND

mitsubishielectricgot2000_gt25Match-

Node

mitsubishielectricgt2107-wtbd_firmwareRange≤01.40.000

AND

mitsubishielectricgt2107-wtbdMatch-

Node

mitsubishielectricgt2107-wtsd_firmwareRange≤01.40.000

AND

mitsubishielectricgt2107-wtsdMatch-

Node

mitsubishielectricgs2110-wtbd-n_firmwareRange≤01.40.000

AND

mitsubishielectricgs2110-wtbd-nMatch-

Node

mitsubishielectricgs2107-wtbd-n_firmwareRange≤01.40.000

AND

mitsubishielectricgs2107-wtbd-nMatch-

VendorProductVersionCPE
mitsubishielectricgot2000_gt27_firmware*cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*
mitsubishielectricgot2000_gt27-cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*
mitsubishielectricgot2000_gt25_firmware*cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*
mitsubishielectricgot2000_gt25-cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*
mitsubishielectricgt2107-wtbd_firmware*cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*
mitsubishielectricgt2107-wtbd-cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*
mitsubishielectricgt2107-wtsd_firmware*cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*
mitsubishielectricgt2107-wtsd-cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*
mitsubishielectricgs2110-wtbd-n_firmware*cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*
mitsubishielectricgs2110-wtbd-n-cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitsubishielectric	got2000_gt27_firmware	*	cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware::::::::
mitsubishielectric	got2000_gt27	-	cpe:2.3:h:mitsubishielectric:got2000_gt27:-:::::::*
mitsubishielectric	got2000_gt25_firmware	*	cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware::::::::
mitsubishielectric	got2000_gt25	-	cpe:2.3:h:mitsubishielectric:got2000_gt25:-:::::::*
mitsubishielectric	gt2107-wtbd_firmware	*	cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware::::::::
mitsubishielectric	gt2107-wtbd	-	cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:::::::*
mitsubishielectric	gt2107-wtsd_firmware	*	cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware::::::::
mitsubishielectric	gt2107-wtsd	-	cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:::::::*
mitsubishielectric	gs2110-wtbd-n_firmware	*	cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware::::::::
mitsubishielectric	gs2110-wtbd-n	-	cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "GOT2000 series GT27 model",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.39.010 and prior"
      }
    ]
  },
  {
    "product": "GOT2000 series GT25 model",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.39.010 and prior"
      }
    ]
  },
  {
    "product": "GOT2000 series GT21 model GT2107-WTBD",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  },
  {
    "product": "GOT2000 series GT21 model GT2107-WTSD",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  },
  {
    "product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  },
  {
    "product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VNC server version 01.40.000 and prior"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU97615777/index.html

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Related for CVE-2021-20590