Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for GOT2000 Series GT25 model by Mitsubishi Electric

    CVE-2022-40266 (GCVE-0-2022-40266)

    Vulnerability from nvd – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56
    VLAI
    Title
    Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
    Summary
    Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric GOT2000 Series GT27 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT25 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT23 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95633416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:56:28.262332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:56:41.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 Series GT27 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT25 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT23 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
                }
              ],
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-24T08:20:14.606Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95633416"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-40266",
        "datePublished": "2022-11-24T08:20:14.606Z",
        "dateReserved": "2022-09-08T19:40:16.931Z",
        "dateUpdated": "2025-04-25T17:56:41.874Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40266 (GCVE-0-2022-40266)

    Vulnerability from cvelistv5 – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56
    VLAI
    Title
    Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
    Summary
    Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric GOT2000 Series GT27 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT25 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT23 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95633416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:56:28.262332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:56:41.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 Series GT27 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT25 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT23 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
                }
              ],
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-24T08:20:14.606Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95633416"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-40266",
        "datePublished": "2022-11-24T08:20:14.606Z",
        "dateReserved": "2022-09-08T19:40:16.931Z",
        "dateUpdated": "2025-04-25T17:56:41.874Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }