Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for got2000_gt27_firmware by mitsubishielectric

    CVE-2022-40266 (GCVE-0-2022-40266)

    Vulnerability from nvd – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56
    VLAI
    Title
    Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
    Summary
    Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric GOT2000 Series GT27 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT25 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT23 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95633416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:56:28.262332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:56:41.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 Series GT27 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT25 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT23 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
                }
              ],
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-24T08:20:14.606Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95633416"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-40266",
        "datePublished": "2022-11-24T08:20:14.606Z",
        "dateReserved": "2022-09-08T19:40:16.931Z",
        "dateUpdated": "2025-04-25T17:56:41.874Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20592 (GCVE-0-2021-20592)

    Vulnerability from nvd – Published: 2021-08-05 20:46 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
    Severity
    No CVSS data available.
    CWE
    • Missing synchronization
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000 Affected: communication driver versions 01.19.000 through 01.39.010
    Affected: versions 1.170C through 1.256S
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92414172/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "communication driver versions 01.19.000 through 01.39.010"
                },
                {
                  "status": "affected",
                  "version": "versions 1.170C through 1.256S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing synchronization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-21T19:06:33.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU92414172/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20592",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "communication driver versions 01.19.000 through 01.39.010"
                              },
                              {
                                "version_value": "communication driver versions 01.19.000 through 01.39.010"
                              },
                              {
                                "version_value": "communication driver versions 01.19.000 through 01.39.010"
                              },
                              {
                                "version_value": "versions 1.170C through 1.256S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing synchronization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU92414172/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU92414172/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20592",
        "datePublished": "2021-08-05T20:46:50.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20590 (GCVE-0-2021-20590)

    Vulnerability from nvd – Published: 2021-04-22 18:54 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
    Severity
    No CVSS data available.
    CWE
    • Improper authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GOT2000 series GT27 model Affected: VNC server version 01.39.010 and prior
    n/a GOT2000 series GT25 model Affected: VNC server version 01.39.010 and prior
    n/a GOT2000 series GT21 model GT2107-WTBD Affected: VNC server version 01.40.000 and prior
    n/a GOT2000 series GT21 model GT2107-WTSD Affected: VNC server version 01.40.000 and prior
    n/a GOT SIMPLE series GS21 model GS2110-WTBD-N Affected: VNC server version 01.40.000 and prior
    n/a GOT SIMPLE series GS21 model GS2107-WTBD-N Affected: VNC server version 01.40.000 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.626Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU97615777/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 series GT27 model",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.39.010 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 series GT25 model",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.39.010 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 series GT21 model GT2107-WTBD",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 series GT21 model GT2107-WTSD",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            },
            {
              "product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            },
            {
              "product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T17:51:58.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jvn.jp/vu/JVNVU97615777/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20590",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GOT2000 series GT27 model",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.39.010 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT2000 series GT25 model",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.39.010 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT2000 series GT21 model GT2107-WTBD",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT2000 series GT21 model GT2107-WTSD",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU97615777/index.html",
                  "refsource": "CONFIRM",
                  "url": "https://jvn.jp/vu/JVNVU97615777/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20590",
        "datePublished": "2021-04-22T18:54:28.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40266 (GCVE-0-2022-40266)

    Vulnerability from cvelistv5 – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56
    VLAI
    Title
    Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
    Summary
    Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric GOT2000 Series GT27 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT25 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT23 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95633416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:56:28.262332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:56:41.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 Series GT27 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT25 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT23 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
                }
              ],
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-24T08:20:14.606Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95633416"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-40266",
        "datePublished": "2022-11-24T08:20:14.606Z",
        "dateReserved": "2022-09-08T19:40:16.931Z",
        "dateUpdated": "2025-04-25T17:56:41.874Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20592 (GCVE-0-2021-20592)

    Vulnerability from cvelistv5 – Published: 2021-08-05 20:46 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
    Severity
    No CVSS data available.
    CWE
    • Missing synchronization
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000 Affected: communication driver versions 01.19.000 through 01.39.010
    Affected: versions 1.170C through 1.256S
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92414172/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "communication driver versions 01.19.000 through 01.39.010"
                },
                {
                  "status": "affected",
                  "version": "versions 1.170C through 1.256S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing synchronization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-21T19:06:33.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU92414172/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20592",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "communication driver versions 01.19.000 through 01.39.010"
                              },
                              {
                                "version_value": "communication driver versions 01.19.000 through 01.39.010"
                              },
                              {
                                "version_value": "communication driver versions 01.19.000 through 01.39.010"
                              },
                              {
                                "version_value": "versions 1.170C through 1.256S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing synchronization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU92414172/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU92414172/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20592",
        "datePublished": "2021-08-05T20:46:50.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20590 (GCVE-0-2021-20590)

    Vulnerability from cvelistv5 – Published: 2021-04-22 18:54 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
    Severity
    No CVSS data available.
    CWE
    • Improper authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GOT2000 series GT27 model Affected: VNC server version 01.39.010 and prior
    n/a GOT2000 series GT25 model Affected: VNC server version 01.39.010 and prior
    n/a GOT2000 series GT21 model GT2107-WTBD Affected: VNC server version 01.40.000 and prior
    n/a GOT2000 series GT21 model GT2107-WTSD Affected: VNC server version 01.40.000 and prior
    n/a GOT SIMPLE series GS21 model GS2110-WTBD-N Affected: VNC server version 01.40.000 and prior
    n/a GOT SIMPLE series GS21 model GS2107-WTBD-N Affected: VNC server version 01.40.000 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.626Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU97615777/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 series GT27 model",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.39.010 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 series GT25 model",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.39.010 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 series GT21 model GT2107-WTBD",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 series GT21 model GT2107-WTSD",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            },
            {
              "product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            },
            {
              "product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VNC server version 01.40.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T17:51:58.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jvn.jp/vu/JVNVU97615777/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20590",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GOT2000 series GT27 model",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.39.010 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT2000 series GT25 model",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.39.010 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT2000 series GT21 model GT2107-WTBD",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT2000 series GT21 model GT2107-WTSD",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VNC server version 01.40.000 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU97615777/index.html",
                  "refsource": "CONFIRM",
                  "url": "https://jvn.jp/vu/JVNVU97615777/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20590",
        "datePublished": "2021-04-22T18:54:28.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }