Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:34145838
HistoryDec 11, 2023 - 12:00 a.m.

JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

2023-12-1100:00:00
Japan Vulnerability Notes
jvn.jp
23
jtekt electronics
hmi gc-a2
denial-of-service
ftp service
commplex-link service
rfe service
netbios service
cve-2023-41963
cve-2023-49140
cve-2023-49143
cve-2023-49713
workaround
firewall
vpn
products affected.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.9%

JSON

HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below.

Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8

Denial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8

Denial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8

Denial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8

Impact

A remote attacker may be able to cause a denial of service (DoS) condition by sending specially crafted packets to specific ports.

Solution

Apply the Workaround
Apply the following workaround to mitigate the impacts of these vulnerabilities.

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when connecting the product to the Internet.

Products Affected

  • GC-A22W-CW all versions
  • GC-A24W-C(W) all versions
  • GC-A26W-C(W) all versions
  • GC-A24 all versions
  • GC-A24-M all versions
  • GC-A25 all versions
  • GC-A26 all versions
  • GC-A26-J2 all versions
  • GC-A27-C all versions
  • GC-A28-C all versions

Related

prion 4
cvelist 4
nvd 4
cve 4
prion
prion
Race condition
2023-12-12 10:15:00
Race condition
2023-12-12 10:15:00
Race condition
2023-12-12 10:15:00
cvelist
cvelist
CVE-2023-49143
2023-12-12 09:16:20
CVE-2023-49713
2023-12-12 09:16:26
CVE-2023-49140
2023-12-12 09:16:13
nvd
nvd
CVE-2023-49140
2023-12-12 10:15:10
CVE-2023-49713
2023-12-12 10:15:10
CVE-2023-49143
2023-12-12 10:15:10
cve
cve
CVE-2023-49713
2023-12-12 10:15:10
CVE-2023-49143
2023-12-12 10:15:10
CVE-2023-49140
2023-12-12 10:15:10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.9%

JSON
Related for JVN:34145838
prion4cvelist4nvd4cve4