CVE-2021-20592

 

  • Severity Score (CVSS v3.1): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-08-05 CVE Published
  • 2024-04-20 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-662: Improper Synchronization
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Mitsubishielectric | Got2000 Gt27 Firmware | >= 01.19.000 <= 01.39.010 | - | Affected |
| in Mitsubishielectric | Got2000 Gt27 | - | - | Safe |
| Mitsubishielectric | Got2000 Gt25 Firmware | >= 01.19.000 <= 01.39.010 | - | Affected |
| in Mitsubishielectric | Got2000 Gt25 | - | - | Safe |
| Mitsubishielectric | Got2000 Gt23 Firmware | >= 01.19.000 <= 01.39.010 | - | Affected |
| in Mitsubishielectric | Got2000 Gt23 | - | - | Safe |
| Mitsubishielectric | Gt Softgot2000 | >= 1.170c <= 1.256s | - | Affected |