Japan Vulnerability Notes (JVN), JVN:34145838
Dec 11, 2023 - 12:00 a.m.

JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

2023-12-11 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.7 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 34.9%)

The HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains the multiple denial-of-service (DoS) vulnerabilities listed below.

Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H   Base Score: 7.5
CVSS v2   AV:N/AC:L/Au:N/C:N/I:N/A:C                     Base Score: 7.8

Denial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H   Base Score: 7.5
CVSS v2   AV:N/AC:L/Au:N/C:N/I:N/A:C                     Base Score: 7.8

Denial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H   Base Score: 7.5
CVSS v2   AV:N/AC:L/Au:N/C:N/I:N/A:C                     Base Score: 7.8

Denial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H   Base Score: 7.5
CVSS v2   AV:N/AC:L/Au:N/C:N/I:N/A:C                     Base Score: 7.8

Impact

A remote attacker may be able to cause a denial of service (DoS) condition by sending specially crafted packets to specific ports.

Solution

Apply the Workaround
Apply the following workaround to mitigate the impacts of these vulnerabilities.

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when connecting the product to the Internet.
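
One way to verify the workaround from a network segment that should be blocked (an added example, not part of the JVN advisory or JTEKT's guidance). The port numbers are an assumption: they are the IANA-registered TCP ports for the service names above, since the advisory does not list ports; the function and variable names are hypothetical.

```python
import socket
import sys

# Assumption: IANA-registered TCP ports for the service names in the advisory.
# The advisory does not give port numbers; adjust to the device's real configuration.
# NetBIOS name/datagram services (UDP 137/138) are not covered by this TCP check.
SERVICE_PORTS = {
    "ftp": (21, "CVE-2023-41963"),
    "commplex-link": (5001, "CVE-2023-49140"),
    "rfe": (5002, "CVE-2023-49143"),
    "netbios-ssn": (139, "CVE-2023-49713"),
}


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a plain TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def audit_exposure(hosts, services=SERVICE_PORTS, probe=tcp_reachable):
    """List (host, service, port, cve) for each service reachable from here.

    Run it from the untrusted side of the firewall or VPN boundary: an empty
    result means the filtering covers the affected services.
    """
    findings = []
    for host in hosts:
        for name, (port, cve) in services.items():
            if probe(host, port):
                findings.append((host, name, port, cve))
    return findings


if __name__ == "__main__":
    # Usage: python audit_hmi.py <hmi-address> [<hmi-address> ...]
    results = audit_exposure(sys.argv[1:])
    for host, name, port, cve in results:
        print(f"EXPOSED {host}:{port} ({name}) -> {cve}")
    sys.exit(1 if results else 0)
```

The script only completes and closes a TCP handshake, so a non-zero exit status can gate a change-control check after firewall rules are modified.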

Products Affected

  • GC-A22W-CW all versions
  • GC-A24W-C(W) all versions
  • GC-A26W-C(W) all versions
  • GC-A24 all versions
  • GC-A24-M all versions
  • GC-A25 all versions
  • GC-A26 all versions
  • GC-A26-J2 all versions
  • GC-A27-C all versions
  • GC-A28-C all versions
