CVE-2021-20608

Опубликовано: 17 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.

Ссылки

https://jvn.jp/vu/JVNVU93019896/index.html
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf
Vendor Advisory
https://jvn.jp/vu/JVNVU93019896/index.html
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*

Версия до 1.606g (включая)

EPSS

Процентиль: 49%

0.00258

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jvfx-87xv-97xc

github

около 4 лет назад