CVE-2023-3373
 
- Severity Score: 9.1 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-23 CVE Reserved
- 2023-08-03 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-330: Use of Insufficiently Random Values
- CWE-342: Predictable Exact Value from Previous Values
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://jvn.jp/vu/JVNVU92167394/index.html | Third Party Advisory | |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf | 2023-08-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Mitsubishielectric | Gt21 Firmware | < 01.50.000 | - | Affected | in | Mitsubishielectric | Gt21 | - | - | Safe |
Mitsubishielectric | Gs21 Firmware | < 01.50.000 | - | Affected | in | Mitsubishielectric | Gs21 | - | - | Safe |