CVE-2020-5675

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

Una vulnerabilidad de lectura fuera de límites en el modelo GT21 de la serie GOT2000 (GT2107-WTBD V01.39.000 y anteriores, GT2107-WTSD V01.39.000 y anteriores, GT2104-RTBD V01.39.000 y anteriores, GT2104-PMBD V01. 39.000 y anteriores, y GT2103-PMBD V01.39.000 y anteriores), el modelo GS21 de la serie GOT (GS2110-WTBD V01.39.000 y anteriores, GS2107-WTBD V01.39.000 y anteriores, GS2110-WTBD-N V01.39. 000 y anteriores, y GS2107-WTBD-N V01.39.000 y anteriores), y el controlador de tensión de la serie LE7-40GU-L (LE7-40GU-L Datos del paquete de pantalla para CC-Link IEF Basic V1.00, LE7-40GU-L Datos del paquete de pantalla para MODBUS/TCP V1.00, y LE7-40GU-L Datos del paquete de pantalla para SLMP V1.00) permite que un atacante remoto provoque una condición de denegación de servicio (DoS) mediante el envío de un paquete especialmente diseñado. Como resultado, puede producirse un deterioro del rendimiento de la comunicación o una condición de denegación de servicio (DoS) de las funciones de comunicación TCP de los productos

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-06 CVE Reserved
2020-12-04 CVE Published
2023-08-20 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/vu/JVNVU99277775/index.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf	2022-02-10
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf	2022-02-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2107-wtbd Firmware Search vendor "Mitsubishielectric" for product "Gt2107-wtbd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gt2107-wtbd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2107-wtbd Search vendor "Mitsubishielectric" for product "Gt2107-wtbd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2107-wtsd Firmware Search vendor "Mitsubishielectric" for product "Gt2107-wtsd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gt2107-wtsd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2107-wtsd Search vendor "Mitsubishielectric" for product "Gt2107-wtsd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2104-rtbd Firmware Search vendor "Mitsubishielectric" for product "Gt2104-rtbd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gt2104-rtbd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2104-rtbd Search vendor "Mitsubishielectric" for product "Gt2104-rtbd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2104-pmbd Firmware Search vendor "Mitsubishielectric" for product "Gt2104-pmbd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gt2104-pmbd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2104-pmbd Search vendor "Mitsubishielectric" for product "Gt2104-pmbd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2103-pmbd Firmware Search vendor "Mitsubishielectric" for product "Gt2103-pmbd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gt2103-pmbd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt2103-pmbd Search vendor "Mitsubishielectric" for product "Gt2103-pmbd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2110-wtbd Firmware Search vendor "Mitsubishielectric" for product "Gs2110-wtbd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gs2110-wtbd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2110-wtbd Search vendor "Mitsubishielectric" for product "Gs2110-wtbd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2107-wtbd Firmware Search vendor "Mitsubishielectric" for product "Gs2107-wtbd Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gs2107-wtbd Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2107-wtbd Search vendor "Mitsubishielectric" for product "Gs2107-wtbd"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Le7-40gu-l Firmware Search vendor "Mitsubishielectric" for product "Le7-40gu-l Firmware"	1.00 Search vendor "Mitsubishielectric" for product "Le7-40gu-l Firmware" and version "1.00"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Le7-40gu-l Search vendor "Mitsubishielectric" for product "Le7-40gu-l"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2110-wtbd-n Firmware Search vendor "Mitsubishielectric" for product "Gs2110-wtbd-n Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gs2110-wtbd-n Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2110-wtbd-n Search vendor "Mitsubishielectric" for product "Gs2110-wtbd-n"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2107-wtbd-n Firmware Search vendor "Mitsubishielectric" for product "Gs2107-wtbd-n Firmware"	<= 01.39.000 Search vendor "Mitsubishielectric" for product "Gs2107-wtbd-n Firmware" and version " <= 01.39.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gs2107-wtbd-n Search vendor "Mitsubishielectric" for product "Gs2107-wtbd-n"	-	-	Safe