Vulnerability Details CVE-2021-20606
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://jvn.jp/vu/JVNVU93817405/index.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf
- https://jvn.jp/vu/JVNVU93817405/index.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf
Products affected by CVE-2021-20606
-
cpe:2.3:a:mitsubishielectric:ezsocket:-
-
cpe:2.3:a:mitsubishielectric:ezsocket:3.0
-
cpe:2.3:a:mitsubishielectric:ezsocket:4.5
-
cpe:2.3:a:mitsubishielectric:ezsocket:4.6
-
cpe:2.3:a:mitsubishielectric:ezsocket:5.1
-
cpe:2.3:a:mitsubishielectric:gx_works2:-
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.11m
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.590q
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.595v
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.597x
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.601b
-
cpe:2.3:a:mitsubishielectric:melsoft_navigator:-
-
cpe:2.3:a:mitsubishielectric:melsoft_navigator:1.04e
-
cpe:2.3:a:mitsubishielectric:melsoft_navigator:2.62q
-
cpe:2.3:a:mitsubishielectric:melsoft_navigator:2.70y
-
cpe:2.3:a:mitsubishielectric:melsoft_navigator:2.74c