Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2021-20601.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Mitsubishi Electric GOT products (CVE-2021-20601)
2022-02-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
0.002 Low
EPSS
Percentile
51.5%
Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500581);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/13");
script_cve_id("CVE-2021-20601");
script_name(english:"Mitsubishi Electric GOT products (CVE-2021-20601)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all
versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model
all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds
the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system
operation may be affected, such as malfunction.
This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU98072504");
script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02");
# https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b713514c");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric recommends users take measures such as installing a firewall to protect the GOT and system from
unauthorized access from external equipment via the network.
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting this
vulnerability:
- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use the products within a LAN and block access from untrusted networks and hosts.
- Install antivirus software on user computers with access to the product and the system.
- Use the IP filter function to restrict the accessible IP addresses.
For more information, please contact the local Mitsubishi Electric representative or refer to the Mitsubishi Electric
support website.
For specific update instructions and additional details, see the Mitsubishi Electric advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20601");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/23");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got_simple_gs2110-wtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got_simple_gs2107-wtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2104-rtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2103-pmbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2103-pmbds_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2103-pmbds2_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2103-pmbls_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2107-wtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2310-vtba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2310-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2308-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2308-vtba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2507t-wtsd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2507-wtsd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2507-wtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2512-wxtsd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2510-wxtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2510-wxtsd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2512-wxtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2505hs-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2506hs-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2512-stba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2512-stbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2510-vtba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2510-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2510-vtwa_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2510-vtwd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2508-vtba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2508-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2508-vtwa_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2508-vtwd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2505-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2705-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2708-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2708-vtba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2708-stba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2708-stbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2710-stba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2710-stbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2710-vtba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2710-vtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2710-vtwa_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2710-vtwd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2712-stwd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2712-stwa_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2712-stba_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2712-stbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2715-xtbd_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt2715-xtba_firmware:-");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:got_simple_gs2110-wtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got_simple_gs2107-wtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2104-rtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2103-pmbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2103-pmbds_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2103-pmbds2_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2103-pmbls_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2107-wtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2310-vtba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2310-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2308-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2308-vtba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2507t-wtsd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2507-wtsd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2507-wtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2512-wxtsd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2510-wxtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2510-wxtsd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2512-wxtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2505hs-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2506hs-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2512-stba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2512-stbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2510-vtba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2510-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2510-vtwa_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2510-vtwd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2508-vtba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2508-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2508-vtwa_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2508-vtwd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2505-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2705-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2708-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2708-vtba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2708-stba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2708-stbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2710-stba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2710-stbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2710-vtba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2710-vtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2710-vtwa_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2710-vtwd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2712-stwd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2712-stwa_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2712-stba_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2712-stbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2715-xtbd_firmware:-" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:got2000_gt2715-xtba_firmware:-" :
{"family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mitsubishielectric | got_simple_gs2110-wtbd_firmware | - | cpe:/o:mitsubishielectric:got_simple_gs2110-wtbd_firmware:- |
| mitsubishielectric | got_simple_gs2107-wtbd_firmware | - | cpe:/o:mitsubishielectric:got_simple_gs2107-wtbd_firmware:- |
| mitsubishielectric | got2000_gt2104-rtbd_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2104-rtbd_firmware:- |
| mitsubishielectric | got2000_gt2103-pmbd_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2103-pmbd_firmware:- |
| mitsubishielectric | got2000_gt2103-pmbds_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2103-pmbds_firmware:- |
| mitsubishielectric | got2000_gt2103-pmbds2_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2103-pmbds2_firmware:- |
| mitsubishielectric | got2000_gt2103-pmbls_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2103-pmbls_firmware:- |
| mitsubishielectric | got2000_gt2107-wtbd_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2107-wtbd_firmware:- |
| mitsubishielectric | got2000_gt2310-vtba_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2310-vtba_firmware:- |
| mitsubishielectric | got2000_gt2310-vtbd_firmware | - | cpe:/o:mitsubishielectric:got2000_gt2310-vtbd_firmware:- |
Related
cvelist
cvelist
CVE-2021-20601
2021-11-23 14:42:53
cve
cve
CVE-2021-20601
2021-11-23 15:15:07
prion
prion
Input validation
2021-11-23 15:15:00
nvd
nvd
CVE-2021-20601
2021-11-23 15:15:07
ics
ics
Mitsubishi Electric GOT products
2021-11-16 12:00:00