CVE-2020-5599

Опубликовано: 07 июл. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Ссылки

https://jvn.jp/en/vu/JVNVU95413676/index.html
Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
Vendor Advisory
https://jvn.jp/en/vu/JVNVU95413676/index.html
Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*

Версия до y (включая)

Одно из

cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01256

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-5gwg-q76w-25g7

github

больше 3 лет назад