Lucene search

[email protected]NVD:CVE-2023-3373

HistoryAug 04, 2023 - 12:15 a.m.

CVE-2023-3373

2023-08-0400:15:14

CWE-342

CWE-330

[email protected]

web.nvd.nist.gov

mitsubishi electric

got2000 series

got simple series

ftp server

session hijacking

dos condition

cve-2023-3373

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

Affected configurations

NVD

Node

mitsubishielectricgt21_firmwareRange<01.50.000

AND

mitsubishielectricgt21Match-

Node

mitsubishielectricgs21_firmwareRange<01.50.000

AND

mitsubishielectricgs21Match-

References

jvn.jp/vu/JVNVU92167394/index.html

www.cisa.gov/news-events/ics-advisories/icsa-23-215-01

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

Related for NVD:CVE-2023-3373

cvelist1 cve1 ics1 nessus1 prion1