CVE-2020-5675

Severity CVSS v4.0:

Pending analysis

Type:

CWE-125 Out-of-bounds Read

Publication date:

04/12/2020

Last modified:

10/02/2022

Description

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

7.50

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

5.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2104-rtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2104-rtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2104-pmbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2104-pmbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2103-pmbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2103-pmbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gs2110-wtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gs2110-wtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gs2107-wtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gs2107-wtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:le7-40gu-l_firmware:1.00:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2104-rtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2104-rtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2104-pmbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2104-pmbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gt2103-pmbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gt2103-pmbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gs2110-wtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gs2110-wtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:gs2107-wtbd_firmware::::::::		01.39.000 (including)
cpe:2.3:h:mitsubishielectric:gs2107-wtbd:-:::::::*
cpe:2.3:o:mitsubishielectric:le7-40gu-l_firmware:1.00:::::::*

CVE-2020-5675

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools