Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2022-40266.NASL
HistoryNov 30, 2022 - 12:00 a.m.

Mitsubishi Electric GOT2000 (CVE-2022-40266)

2022-11-3000:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
mitsubishi electric
got2000
cve-2022-40266
input validation
ftp server
denial of service
tenable.ot

0.002 Low

EPSS

Percentile

52.0%

JSON

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

  • Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command. (CVE-2022-40266)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500710);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");

  script_cve_id("CVE-2022-40266");

  script_name(english:"Mitsubishi Electric GOT2000 (CVE-2022-40266)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000
and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric
GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a
Denial of Service condition by sending specially crafted command.

  - Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server
    versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000
    and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows
    a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted
    command. (CVE-2022-40266)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU95633416");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-333-01");
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?caedd73a");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric recommends users update to the latest software versions: 

- GT27 Model: Update to FTP server versions 01.47.000 or later 
- GT25 Model: Update to FTP server versions 01.47.000 or later 
- GT23 Model: Update to FTP server versions 01.47.000 or later

The following steps were provided by Mitsubishi Electric to assist users in applying the update:");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40266");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt23_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt25_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:got2000_gt27_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Mitsubishi');

var asset = tenable_ot::assets::get(vendor:'Mitsubishi');

var vuln_cpes = {
    "cpe:/o:mitsubishielectric:got2000_gt27_firmware" :
        {"versionEndIncluding" : "01.39.000", "family" : "Mitsubishi"},
    "cpe:/o:mitsubishielectric:got2000_gt25_firmware" :
        {"versionEndIncluding" : "01.39.000", "family" : "Mitsubishi"},
    "cpe:/o:mitsubishielectric:got2000_gt23_firmware" :
        {"versionEndIncluding" : "01.39.000", "family" : "Mitsubishi"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
mitsubishielectricgot2000_gt23_firmwarecpe:/o:mitsubishielectric:got2000_gt23_firmware
mitsubishielectricgot2000_gt25_firmwarecpe:/o:mitsubishielectric:got2000_gt25_firmware
mitsubishielectricgot2000_gt27_firmwarecpe:/o:mitsubishielectric:got2000_gt27_firmware

Related

cve 1
cvelist 1
nvd 1
prion 1
ics 1
cve
cve
CVE-2022-40266
2022-11-24 09:15:09
cvelist
cvelist
CVE-2022-40266 Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
2022-11-24 08:20:14
nvd
nvd
CVE-2022-40266
2022-11-24 09:15:09
prion
prion
Input validation
2022-11-24 09:15:00
ics
ics
Mitsubishi Electric GOT2000
2022-11-29 12:00:00

0.002 Low

EPSS

Percentile

52.0%

JSON
Related for TENABLE_OT_MITSUBISHI_CVE-2022-40266.NASL
cve1cvelist1nvd1prion1ics1