Vulnerability Details CVE-2021-20608
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://jvn.jp/vu/JVNVU93019896/index.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf
- https://jvn.jp/vu/JVNVU93019896/index.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf
Products affected by CVE-2021-20608
-
cpe:2.3:a:mitsubishielectric:gx_works2:-
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.11m
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.590q
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.595v
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.597x
-
cpe:2.3:a:mitsubishielectric:gx_works2:1.601b